
Re: Last Call: Security Architecture for the Internet Protocol to




Perry,


On Tue, 7 Apr 1998, Perry E. Metzger wrote:
> 
> The basic protocol is highly simple. It encrypts and encapsulates a
> packet. Lots of niggling details show up, like "what does this do to
> the reported MTU of the link" and such, but I can explain IPSec's
> essence to people in a couple of minutes with reasonably high detail.
>

The niggling details are, no doubt, the source of a lot of the complexity.
I agree with you that it should be a simple and short exercise to
describe the simple task of encrypting IP datagrams.

> IPSec permits you to build VPNs. VPNs are naturally only as secure as
> the end networks, but the IPSec tunnels themselves are almost
> certainly going to be hard to break.

Most of the attacks occur on the local networks.  Imagine a sniffer
that copies itself from one network to another.  The encryption
tunnel that joins those networks is irrelevant to this scenario.
In effect, the security of the second network is parameterized
by the security decisions implemented on the first network.


Regards,
Mitch Nelson


