
RE: Simplifying IKE



> -----Original Message-----
> From: Stephen Kent [mailto:kent@bbn.com]
>
> we disagree. firewalls typically make access control decisions based 
> on unauthenticated data from packet headers. IPsec makes these 
> decisions based on authenticated identities and mutually enforced 
> constraints on these packet headers. in that regard, the access 
> control services are far superior to what is provided by freestanding 
> firewalls.

I was assuming you take all these things together.  If tunnel SAs are
treated as interfaces by the firewall then it can enforce the IPSEC
constraints.

> >As an aside, is there a 'standard' way for an application to request a
> >specific IPSEC policy for its traffic?
> 
> No. APIs for IPsec have not been standardized.

I think this might be one of the reasons why IPSEC hasn't taken off so
widely.  I wouldn't know how to create a socket with a particular IPSEC
policy.

SSL managed to fit much better into applications and is widely used - even
if some of the fundamentals are not as strong (which also helped it...).

Chris

