
per-host keying



-----BEGIN PGP SIGNED MESSAGE-----


  2401 clearly supports keying of node-to-node tunnels, both for
end-systems and gateways.

  At most bakeoffs that I've been to, there has been another variation
on this, which was called per-host (vs per-node) keying. I tell my gateway
that I want security between:
     1.2.3.0/24	     and	4.5.6.0/24

  but that I want each combination of hosts that communicate to be
separately keyed.

  I had assumed that this concept made it into a document somewhere,
but I cannot find it. Am I blind, or did this concept never get written
down anywhere?

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [



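The distinction the message above describes, as an added example that is not part of the original post: a toy gateway SA table in which one policy entry covering 1.2.3.0/24 and 4.5.6.0/24 either yields a single SA for the whole subnet pair or a separate SA per communicating host pair. The `Gateway` class, the `per_host` flag, the sample flows and the random key standing in for a key-exchange negotiation are all assumptions made for illustration.

```python
import ipaddress
import os

# Policy from the post: protect traffic between these two subnets.
POLICY = (ipaddress.ip_network("1.2.3.0/24"), ipaddress.ip_network("4.5.6.0/24"))

# Constructed sample flows (src, dst); the last one repeats the first.
FLOWS = [("1.2.3.4", "4.5.6.7"), ("1.2.3.4", "4.5.6.8"),
         ("1.2.3.9", "4.5.6.7"), ("1.2.3.4", "4.5.6.7")]


class Gateway:
    """Toy SA table; per_host (hypothetical flag) picks the keying granularity."""

    def __init__(self, per_host):
        self.per_host = per_host
        self.sas = {}  # SA selector -> key material

    def selector_for(self, src, dst):
        """Return the selector of the SA that should carry src -> dst, or None."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for left, right in (POLICY, POLICY[::-1]):  # SAs are unidirectional
            if s in left and d in right:
                if self.per_host:
                    # Selector taken from the packet: one SA per host pair.
                    return (f"{s}/32", f"{d}/32")
                # Selector taken from the policy: one SA for the subnet pair.
                return (str(left), str(right))
        return None  # traffic not covered by the policy

    def key_for(self, src, dst):
        """Look up the SA key for a flow, creating the SA on first use."""
        sel = self.selector_for(src, dst)
        if sel is None:
            return None
        if sel not in self.sas:
            self.sas[sel] = os.urandom(16)  # stand-in for a key negotiation
        return self.sas[sel]


def count_sas(per_host):
    """Number of distinct SAs (keys) needed to carry the sample flows."""
    gw = Gateway(per_host)
    for src, dst in FLOWS:
        gw.key_for(src, dst)
    return len(gw.sas)


if __name__ == "__main__":
    print("subnet-pair keying:", count_sas(False), "SA")
    print("per-host keying:   ", count_sas(True), "SAs")
```

With per-host keying, exposure of one key affects only the traffic of that host pair, at the cost of one negotiation and one SA table entry per pair.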

