[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: a drop/bypass action negotiation issue

To: "Borovoy, Noam" <nborovoy@oas_mail.brea.interlink.com>
Subject: RE: a drop/bypass action negotiation issue
From: Indermohan Singh Monga <imonga@BayNetworks.COM>
Date: Fri, 19 Dec 1997 15:57:25 -0500
Cc: "'Alexei V. Vopilov'" <alx@elnet.msk.ru>, IPsec MailList <ipsec@tis.com>
In-Reply-To: <F30BAAC39A86D0119404006097148B4C05F4EC@oas_mail.brea.interlink.com>
References: <F30BAAC39A86D0119404006097148B4C05F4EC@oas_mail.brea.interlink.com>
Sender: owner-ipsec@ex.tis.com


BN> On the second issue - policy management and distribution - there needs
BN> to be a lot of work done in IPsecond to enable future interoperability.
BN> I'll second you on policy negotiation and management being key to any
BN> wide deployment, there certainly should be more discussion on this
BN> topic.

I do believe in the solving the problem of policy management and distribution.
This is especially true if every desktop will be able to negotiate security
associations based on company security policy.

I disagree with policy negotiation, this can become a considerable security hole
which a network administrator configuring policy cannot comprehend. Does this
negotiation mean, secure when you can, not-so-secure when you can't? (borrowing very
common phrase..).  Can you give me an example where such negotiation would help
security?

Thanks,
Inder

References:

RE: a drop/bypass action negotiation issue

From: "Borovoy, Noam" <nborovoy@oas_mail.brea.interlink.com>

Prev by Date: Results of the IPSEC document reading party
Next by Date: Re: Results of the IPSEC document reading party
Prev by thread: RE: a drop/bypass action negotiation issue
Next by thread: Re: a drop/bypass action negotiation issue
Index(es):
- Main
- Thread