Re: SAs and SPIs



If we were only worrying about "external predators" we would only need
tunnel mode, not transport mode, and I think there is a lot of interest in
transport mode.  For example there are people who want multiple layers of
security so that, e.g., one could have department-level security.  Also, it
was explicitly pointed out at the IPsec meeting last Friday that
connection-level IPsec is a requirement for parts of the community.

>From: John Shriver <jas@shiva.com>
>IPsec is primarily about protection from external predators.  Not from
>internal ones.
>
>Certainly, anyone paranoid to the Orange Book level would have unique
>SAs for every transport connection.  But, they need to be on C2 or B2
>secure systems before IPsec will add any security.