
Use IPSEC as SSH replacement



Just some idle thoughts...

Not knowing enough of the IKE/ISAKMP, I need to ask:

 Does it support a similar system as SSH? That is, assuming IKE/IPSEC
 implementation on both ends, two totally unrelated hosts can setup a
 secure connection between them. Without any preconfigured keys or
 knowledge about each other's public keys?

After that one could just use unmodified tools (telnet, smtp, etc)
again.

And the next step: perhaps we could have a "conditional policy": even
when communication is allowed to be in clear, the system would just
activate KEY negotiation in parallel, and if the other end actually
replies and loads SA's, IPSEC would kick in (and, of course should
remain enforced from then on during that session).

-- 
Markku Savela (msa@hemuli.tte.vtt.fi), Technical Research Centre of Finland
Multimedia Systems, P.O.Box 1203,FIN-02044 VTT,http://www.vtt.fi/tte/staff/msa/

