
IPSec Complexity



Hello,

I just finished reading Niels Ferguson and Bruce Schneier's paper
"A Cryptographic Evaluation of IPSec".  They raise some interesting
points, especially with regard to the complexity of the IPSec
specification.  I am working on a plan to integrate IPSec with our
product line and the major hurdle seems to be supporting the
different modes (tunnel vs transport) and protocols (AH vs ESP).

In conclusion the paper recommends adopting ESP/tunnel mode with
mandatory authentication and dropping the rest.  This certainly
appeals to me as we were already pondering the idea of using tunnel
mode everywhere (host-host, host-sg, sg-sg) for simplicity.

Has this topic already been discussed?  What is the current status
of the IPSec specification?  Is it an evolving standard?

I can't find any disadvantages to using tunnel mode everywhere, except
for a slight increase in bandwidth usage.  Comments?

Thanks
Skye

--
Clarity of thought should be accompanied by clarity of technique - Mondriaan
Powered by ffwd internet division   [ http://www.ffwd.com/ ]
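As an added illustration (not part of the original post), the following script quantifies the "slight increase in bandwidth usage" that tunnel mode costs over transport mode by computing ESP packet sizes for both. It assumes IPv4 without options (20-byte headers), ESP framing with an explicit IV equal to the cipher block size (e.g. 3DES-CBC, 8 bytes) and a 96-bit truncated HMAC ICV (12 bytes); the function and constant names are the example's own.

```python
# Added example (not from the original post): compare ESP transport-mode and
# tunnel-mode packet sizes.  Assumptions: IPv4 headers of 20 bytes (no options),
# ESP with SPI + sequence number, an explicit IV of one cipher block
# (3DES-CBC: 8 bytes), pad-length/next-header trailer, and a 12-byte ICV.

IPV4_HEADER = 20
ESP_HEADER = 8          # SPI (4) + sequence number (4)
ESP_TRAILER_FIXED = 2   # pad length (1) + next header (1)


def esp_padding(plain_len, block_size):
    """Padding bytes needed so (plaintext + 2-byte trailer) fills whole cipher blocks."""
    return (-(plain_len + ESP_TRAILER_FIXED)) % block_size


def esp_packet_size(payload_len, mode, block_size=8, icv_len=12):
    """Total on-the-wire size of one ESP packet carrying payload_len bytes.

    payload_len is the transport-layer payload (e.g. a TCP segment) in both
    modes; tunnel mode additionally encrypts the original IP header inside ESP.
    """
    if mode == "transport":
        inner = payload_len
    elif mode == "tunnel":
        inner = IPV4_HEADER + payload_len   # inner IP header is encapsulated too
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    encrypted = inner + esp_padding(inner, block_size) + ESP_TRAILER_FIXED
    # outer IP header + ESP header + IV + encrypted region + ICV
    return IPV4_HEADER + ESP_HEADER + block_size + encrypted + icv_len


def tunnel_overhead(payload_len, block_size=8, icv_len=12):
    """Extra bytes tunnel mode costs over transport mode for the same payload."""
    return (esp_packet_size(payload_len, "tunnel", block_size, icv_len)
            - esp_packet_size(payload_len, "transport", block_size, icv_len))


if __name__ == "__main__":
    # Constructed sample payload sizes: tiny ACK, small request, classic MTU-ish sizes.
    for n in (40, 100, 576, 1400):
        t = esp_packet_size(n, "transport")
        u = esp_packet_size(n, "tunnel")
        print(f"payload {n:5d}: transport {t:5d}  tunnel {u:5d}  "
              f"extra {u - t:3d} bytes ({100 * (u - t) / t:.1f}%)")
```

The extra cost is the inner IP header plus whatever padding change it triggers, so it is roughly 16 to 24 bytes per packet and shrinks as a percentage for larger payloads.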