[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: Security Architecture for the Internet Protocol to

To: "M.C.Nelson" <netsec@panix.com>
Subject: Re: Last Call: Security Architecture for the Internet Protocol to
From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 07 Apr 1998 22:45:05 -0400
cc: "Scott G. Kelly" <skelly@redcreek.com>, Peter Ford <peterf@microsoft.com>, ipsec@tis.com
In-reply-to: Your message of "Tue, 07 Apr 1998 18:46:31 EDT." <Pine.SUN.3.94.980407183845.9025A-100000@panix3.panix.com>
Reply-To: perry@piermont.com
Sender: owner-ipsec@ex.tis.com

"M.C.Nelson" writes:
> 
> On Fri, 27 Mar 1998, Scott G. Kelly wrote:
> > 
> > IPSEC as currently spec'd is SSSSEEEECCCCUUURRRREEE.
> 
>   Has this been established?  It seems doubtful in view of
>   (i) its complexity,

The basic protocol is highly simple. It encrypts and encapsulates a
packet. Lots of niggling details show up, like "what does this do to
the reported MTU of the link" and such, but I can explain IPSec's
essense to people in a couple of minutes with reasonably high detail.

>   and (ii) its explicit support for gateways and "trusted networks".

IPSec permits you to build VPNs. VPNs are naturally only as secure as
the end networks, but the IPSec tunnels themselves are almost
certainly going to be hard to break.

Perry

Follow-Ups:

Re: Last Call: Security Architecture for the Internet Protocol to

From: "M.C.Nelson" <netsec@panix.com>

References:

Re: Last Call: Security Architecture for the Internet Protocol to

From: "M.C.Nelson" <netsec@panix.com>

Prev by Date: Re: Last Call: Security Architecture for the Internet Protocol to
Next by Date: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
Prev by thread: Re: Last Call: Security Architecture for the Internet Protocol to
Next by thread: Re: Last Call: Security Architecture for the Internet Protocol to
Index(es):
- Main
- Thread