
Re: Bundle or not in negotiation



The discussion below points out the need to separate mechanisms from
policy about the use of those mechanisms.  However, while some may
find it sufficient to have IKE create mechanism sets and to have IPSEC
enforce policy over use of those sets, I believe that many people want
a way to have a rational negotiation of mutually acceptable policy,
prior to use.  This was the reason for suggesting "trust management" as
a separate protocol --- one that could be mapped to the uses of
several IETF security suites. 

Trust management would fill the gap between "IKE proposes, IPSEC
disposes" without requiring changes to either of them.  Is there
enough interest in this to motivate discussion of requirements?

Hilarie

>  From: Markku Savela <msa@anise.tte.vtt.fi>
>
>  > From: Daniel Harkins <dharkins@dharkins-ss20.cisco.com>
>
>  > It doesn't really need anything but you have to express your wishes to
>  > the peer as unambiguously as possible. If your wishes are "protect all 
>  > these packets with both AH and ESP" but you say "protect all these packets
>  > with AH" and then at some later time say "protect all these packets with
>  > ESP" the peer can do two things.
>
>  This where our views of IPSEC architecture seem to differ
>  radically. IPSEC does not express a "wish" to key management, it gives
>  it a command to set up a matching pair of SAs on both end points
...
>  What I am trying to do, is to put the key management back to its box
>  (of negotiating single SA pairs) and prevent it meddling (or confusing
>  itself) with things it has no business to touch or know about, such as
>  IPSEC policies.

Hilarie
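The two layers this thread argues about, modelled as an added illustration that is not code from the thread, from IKE, or from any IPsec implementation. `negotiate_bundle()` stands in for the "trust management" step Hilarie proposes (each side states the protection bundles it accepts for a traffic selector, and a mutually acceptable one is fixed before any SA exists), `sp_decision()` stands in for "IPSEC disposes" (the policy layer checks the single SA pairs key management has installed against the agreed bundle), and `ambiguous_without_policy()` shows the reading problem Dan describes when "AH" and "ESP" arrive as two unrelated single-SA negotiations. The selector strings, the preference-ordered policy format and all function names are assumptions made for this example.

```python
"""
Illustrative model of "IKE proposes, IPSEC disposes" with a policy-negotiation
step in front of it.  Added example; not from the thread or any IPsec stack.
Selectors, bundle notation, policy format and function names are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SA:
    """One security association as key management would install it."""
    spi: int
    protocol: str    # "AH" or "ESP"
    selector: str    # traffic selector, e.g. "10.0.0.0/24->10.1.0.0/24"


# A bundle is the set of protocols that must ALL protect a packet.
# Policy: selector -> acceptable bundles, most preferred first (assumed format).
Policy = dict[str, list[frozenset[str]]]


def negotiate_bundle(local: Policy, peer: Policy, selector: str):
    """Trust-management step: pick the first bundle in local preference order
    that the peer also accepts.  Returns None when nothing is mutually
    acceptable, so the failure surfaces before any SA is set up."""
    theirs = set(peer.get(selector, []))
    for bundle in local.get(selector, []):
        if bundle in theirs:
            return bundle
    return None


def sp_decision(bundle, sadb, selector: str):
    """Policy layer: given the agreed bundle and the SAs actually installed for
    this selector, decide what to do with an outbound packet.
    Returns (action, protocols)."""
    if bundle is None:
        return ("DISCARD", frozenset())
    have = frozenset(sa.protocol for sa in sadb if sa.selector == selector)
    missing = bundle - have
    if missing:
        # Key management negotiates one SA pair at a time (Markku's view);
        # the policy layer just asks for whatever the bundle still lacks.
        return ("ACQUIRE", missing)
    return ("PROTECT", bundle)


def ambiguous_without_policy(proposals):
    """Without a shared policy, separate single-SA negotiations ("AH" then
    "ESP") admit more than one reading on the peer's side.  Returns every
    bundle consistent with the observed proposals: each protocol alone
    (alternatives) plus all of them together (one bundle)."""
    seen = frozenset(proposals)
    readings = {frozenset([p]) for p in seen}
    if len(seen) > 1:
        readings.add(seen)
    return readings


# Constructed sample data (assumed, not from the thread).
SEL = "10.0.0.0/24->10.1.0.0/24"
LOCAL_POLICY: Policy = {SEL: [frozenset({"AH", "ESP"}), frozenset({"ESP"})]}
PEER_POLICY: Policy = {SEL: [frozenset({"ESP"}), frozenset({"AH", "ESP"})]}


if __name__ == "__main__":
    agreed = negotiate_bundle(LOCAL_POLICY, PEER_POLICY, SEL)
    print("agreed bundle:", sorted(agreed))
    sadb = [SA(0x100, "AH", SEL)]
    print("after AH SA only:", sp_decision(agreed, sadb, SEL))
    sadb.append(SA(0x101, "ESP", SEL))
    print("after both SAs:", sp_decision(agreed, sadb, SEL))
    print("peer readings with no shared policy:",
          [sorted(r) for r in ambiguous_without_policy(["AH", "ESP"])])
```

With a shared bundle agreed up front, the peer has exactly one reading of the two SA pairs it is asked to install; without it, `ambiguous_without_policy()` returns three candidate readings for the same pair of proposals, which is the gap the trust-management step is meant to close.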
