
Re: Auto filter rule generation for Phase 2 tunnels
Folks,

    Stephen> ... the set of security policy rules (filters) MUST be
    Stephen> ordered.  As you note, there is no obvious canonical
    Stephen> ordering, especially when one adds the other selector
    Stephen> types defined in the architecture document.

>   Is there any point in talking about an ordering if there is no
> canonical order?

Yes, I think there is.  The security policy has to be configured, and
anything that will contribute to making the specification of that
policy less error prone will increase the level of security being
provided.  The ordering can be used to reduce the complexity of the
individual entries, making them easier to understand, and thus making
it easier to conclude that they implement the desired policy.

>   In general, I feel that the architecture document has gone beyond
> being a functional specification and gone into being a design
> specification.

IMHO, there are places where the document does not specify things
completely enough (always good for ipsecond :-).  On the other hand, I
doubt that many of the folks who end up implementing the code will
have the level of security expertise available in this group, so I do
not think that giving a few hints and pointing out a few catch-22s is
unreasonable.  (Just because we're paranoid doesn't mean that the box
we buy and install to protect our assets (and have no way of
subjecting to a security vulnerability review) will protect us. :-)

Charlie
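An added illustration of the ordering point made above (this is example code written for this page, not code from the thread or from any IPsec implementation; the selector fields, entry names and addresses are constructed). With an ordered, first-match SPD, a narrow exception ("bypass SSH to the management host") can sit in front of a broad rule ("protect everything else to the LAN") and each entry stays simple. Without ordering, every packet that matches more than one entry with differing actions is ambiguous, and the only way out is to carve the broad rule into disjoint pieces. The conflicts() check is the kind of sanity check an administrator would want: it lists overlapping entry pairs whose actions differ, which order resolves in the first form and which are errors in the second.

```python
"""Ordered (first-match) vs. unordered IPsec SPD lookup on simple selectors.

Constructed example for illustration; not from any RFC or implementation.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple


class AmbiguousPolicy(Exception):
    """Raised when an unordered SPD has several matches with different actions."""


@dataclass(frozen=True)
class Entry:
    name: str
    src: IPv4Network
    dst: IPv4Network
    proto: Optional[int]        # None means "any protocol"
    dport: Tuple[int, int]      # inclusive destination port range
    action: str                 # "BYPASS", "DISCARD" or "PROTECT"

    def matches(self, src: str, dst: str, proto: int, dport: int) -> bool:
        return (ip_address(src) in self.src and ip_address(dst) in self.dst
                and (self.proto is None or self.proto == proto)
                and self.dport[0] <= dport <= self.dport[1])


def overlaps(a: Entry, b: Entry) -> bool:
    """True if some packet could match both entries."""
    return (a.src.overlaps(b.src) and a.dst.overlaps(b.dst)
            and (a.proto is None or b.proto is None or a.proto == b.proto)
            and a.dport[0] <= b.dport[1] and b.dport[0] <= a.dport[1])


def lookup_ordered(spd: List[Entry], pkt: Tuple[str, str, int, int]) -> str:
    """Ordered SPD: the first matching entry decides; no match means discard."""
    for e in spd:
        if e.matches(*pkt):
            return e.action
    return "DISCARD"        # deny by default


def lookup_unordered(spd: List[Entry], pkt: Tuple[str, str, int, int]) -> str:
    """Unordered SPD: every match must agree, otherwise the policy is ambiguous."""
    actions = {e.action for e in spd if e.matches(*pkt)}
    if len(actions) > 1:
        raise AmbiguousPolicy(f"{pkt} matches entries with actions {sorted(actions)}")
    return actions.pop() if actions else "DISCARD"


def conflicts(spd: List[Entry]) -> List[Tuple[str, str]]:
    """Pairs of entries whose selectors overlap but whose actions differ.

    Harmless (resolved by position) in an ordered SPD; an error in an
    unordered one, where such pairs must be split into disjoint entries.
    """
    found = []
    for i, a in enumerate(spd):
        for b in spd[i + 1:]:
            if a.action != b.action and overlaps(a, b):
                found.append((a.name, b.name))
    return found


# Constructed sample policy: narrow exception first, broad rules after it.
ANY_PORT = (0, 65535)
SPD = [
    Entry("mgmt-bypass", ip_network("10.0.0.0/24"), ip_network("10.0.1.5/32"),
          6, (22, 22), "BYPASS"),
    Entry("protect-lan", ip_network("10.0.0.0/24"), ip_network("10.0.1.0/24"),
          None, ANY_PORT, "PROTECT"),
    Entry("drop-rest", ip_network("0.0.0.0/0"), ip_network("0.0.0.0/0"),
          None, ANY_PORT, "DISCARD"),
]

if __name__ == "__main__":
    ssh = ("10.0.0.7", "10.0.1.5", 6, 22)
    https = ("10.0.0.7", "10.0.1.5", 6, 443)
    print("ordered  :", lookup_ordered(SPD, ssh), lookup_ordered(SPD, https))
    print("conflicts:", conflicts(SPD))
    try:
        lookup_unordered(SPD, ssh)
    except AmbiguousPolicy as err:
        print("unordered:", err)
```

Running it shows the same three entries giving a clean answer under first-match evaluation while the unordered evaluation has to reject the SSH packet as ambiguous; removing the ambiguity without ordering would mean rewriting "protect-lan" as several entries that exclude TCP/22 to 10.0.1.5, which is exactly the per-entry complexity the ordering avoids.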