[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: compare-jfk-sigma.txt
On Sat, 8 Dec 2001, Markku Savela wrote:
> > That sounds great for outbound/initiator.
> > How does one communicate selectors to the kernel of the responder?
>
> Policy is what gets handed down to you by a person (or a system)
> responsible for the security of the site or service you want to use
> and which is protected by IPSEC.
Assuming that both you and the site/service you want to use are under
the same administration. Which is by no means universally true.
There is also the desirability of checking for errors. Even under a
common administration, just because the two ends are *supposed* to agree
on security policy does not mean they do, and a silent failure of
agreement can result in no communication and no clear indication of why.
Henry Spencer
henry@spsystems.net
References: