[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: a drop/bypass action negotiation issue

To: "Charles Lynn" <clynn@bbn.com>
Subject: Re: a drop/bypass action negotiation issue
From: "Alexei V. Vopilov" <alx@elnet.msk.ru>
Date: Wed, 24 Dec 1997 17:39:46 +0300
Cc: "IPsec MailList" <ipsec@tis.com>
Sender: owner-ipsec@ex.tis.com

Charles, 

:
:You have raised an interesting point.  I have been thinking about the
:drop and bypass functions as mechanisms used by the security
:administrator to specify policy.  From that perspective, I would not
:want any one else to be able to _negotiate_ any changes to the local
:policy.  However, if the local policy is to permit some trusted
:parties to poke holes in the firewall, then I can see your view.
:However, it could still be argued that the local policy is not being
:negotiated, only the use of a different preexisting policy entry.
:
:IPSecond seems like the right place to explore the requirements.
:
:Charlie

The policy is whatever that protects your system (resources).
The question is whenever you surf the net do you really want
such protection at the cost of _access_ to information?
IMO, very few systems (or people) can dictate the policy,
others just have a choice either accept it or loose the chance
to conduct business.

Sorry for the reply-delay.
regards,
--Alexei

Prev by Date: Re: a drop/bypass action negotiation issue
Next by Date: I-D ACTION:draft-ietf-ipsec-isakmp-gss-auth-01.txt
Prev by thread: Re: a drop/bypass action negotiation issue
Next by thread: Re: a drop/bypass action negotiation issue
Index(es):
- Main
- Thread