Re: SAs and SPIs
If we were only worrying about "external predators" we would only need
tunnel mode, not transport mode, and I think there is a lot of interest in
transport mode. For example there are people who want multiple layers of
security so that, e.g., one could have department-level security. Also, it
was explicitly pointed out at the IPsec meeting last Friday that
connection-level IPsec is a requirement for parts of the community.
>From: John Shriver <jas@shiva.com>
>IPsec is primarily about protection from external predators. Not from
>internal ones.
>
>Certainly, anyone paranoid to the Orange Book level would have unique
>SA's for every transport connection. But, they need to be on C2 or B2
>secure systems before IPsec will add any security.