per-host keying
2401 clearly supports keying of node-to-node tunnels, both for
end-systems and gateways.
At most bakeoffs that I've been to, there has been another variation
on this, which was called per-host (vs per-node) keying. I tell my gateway
that I want security between:
1.2.3.0/24 and 4.5.6.0/24
but that I want each combination of hosts that communicate to be
separately keyed.
I had assumed that this concept made it into a document somewhere,
but I cannot find it. Am I blind, or did this concept never get written
down anywhere?
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
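The difference between the two keying granularities described in the message above, as an added illustration that is not part of the original post. The `Policy` and `Gateway` names are hypothetical, a random key stands in for key negotiation, and treating each host pair as one keyed association regardless of direction is a simplification.

```python
import ipaddress
import secrets
from dataclasses import dataclass, field

@dataclass
class Policy:                       # hypothetical policy entry
    local: str                      # protected subnet behind this gateway
    remote: str                     # protected subnet behind the peer
    per_host: bool                  # True: key every host pair separately

@dataclass
class Gateway:                      # hypothetical gateway model
    policy: Policy
    sas: dict = field(default_factory=dict)   # selector -> keying material

    def selector(self, src, dst):
        """Return the selector that picks the keyed association for a flow."""
        local = ipaddress.ip_network(self.policy.local)
        remote = ipaddress.ip_network(self.policy.remote)
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in remote and d in local:        # return traffic: orient local-first
            s, d = d, s
        if s not in local or d not in remote:
            return None                       # flow is outside the policy
        if self.policy.per_host:
            return (str(s), str(d))           # selector taken from the packet
        return (str(local), str(remote))      # selector taken from the policy

    def key_for(self, src, dst):
        sel = self.selector(src, dst)
        if sel is None:
            raise LookupError("no policy covers this flow")
        if sel not in self.sas:               # stand-in for negotiating a new key
            self.sas[sel] = secrets.token_bytes(16)
        return self.sas[sel]

# Constructed sample flows between the two subnets from the message.
FLOWS = [("1.2.3.10", "4.5.6.20"), ("1.2.3.10", "4.5.6.21"),
         ("1.2.3.11", "4.5.6.20"), ("4.5.6.20", "1.2.3.10")]

def sa_count(per_host):
    """Number of separately keyed associations the sample flows create."""
    gw = Gateway(Policy("1.2.3.0/24", "4.5.6.0/24", per_host))
    for src, dst in FLOWS:
        gw.key_for(src, dst)
    return len(gw.sas)
```

With the sample flows, `sa_count(False)` yields one shared association for the whole subnet pair, while `sa_count(True)` yields one per communicating host pair, so a compromised key exposes only that pair's traffic.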