RE: a drop/bypass action negotiation issue
BN> On the second issue - policy management and distribution - there needs
BN> to be a lot of work done in IPsec to enable future interoperability.
BN> I'll second you on policy negotiation and management being key to any
BN> wide deployment, there certainly should be more discussion on this
BN> topic.
I do believe in solving the problem of policy management and distribution.
This is especially true if every desktop will be able to negotiate security
associations based on company security policy.
I disagree with policy negotiation; this can become a considerable security hole
which a network administrator configuring policy cannot comprehend. Does this
negotiation mean, secure when you can, not-so-secure when you can't? (borrowing a very
common phrase...). Can you give me an example where such negotiation would help
security?
Thanks,
Inder