Re: Re[2]: IPSEC and NAT
At 08:51 AM 8/19/97 -0500, pcalhoun@usr.com wrote:
>
> One REALLY STUPID way of doing it is to share the private/public keys
> between the host and the NAT (I DO NOT RECOMMEND YOU TO DO THIS AT
> HOME). An alternative is for the NAT to run in tunnel mode on behalf
> of the initiator (but this assumes that the initiator trusts the NAT,
> which it probably does not).
I really got to do some writing today :) But there are a couple of items I
will address here. First off, until IPsec is deployed at hosts and we come
to agreement on 'chaining' and/or 'nesting' IPsec tunnels and/or
transports, systems behind gateways MUST trust the gateways and gateways
MUST trust gateways in proxying these activities.
It is probably badness to get into a mode of placing host certificates on
gateways. You might as well only use IP addresses for now and work on
further deploying IPsec asap.
Robert Moskowitz
Chrysler Corporation
(810) 758-8212