[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: compare-jfk-sigma.txt
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Markku" == Markku Savela <msa@burp.tkv.asdf.org> writes:
Markku> I assume a host has a policy database which is maintained by the USER
Markku> of the host. This user decides what policies apply to his/her host!
If we had that level of coordination then we wouldn't even need a key manager.
Markku> For example,
Markku> if there is a web server (= 10.0.0.1) that requires ESP (3DES) to
Markku> access the pages, then user *ADDS* the following line to the policy
Markku> database
So, you are proposing HOSTS.TXT. let's preconfigure everything.
Forget about distributing policy, or discovering you. You figure we have
time/memory/knowledge to configure policy for all 2^32 (2^128 in v6) hosts
out there.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys
iQCVAwUBPBkgGoqHRg3pndX9AQF87gP/S/TUM/aP3GGcFnawl9trRl+83pZpQiR2
iZ7rMSPrvpfH1RLmxFHFrWDzmTJsjfk8OZdAYNyFeLFz+3AaIC4HZrLBWzCYdjHp
HJrUPQ/igY5jBjvY/oZiY9oHkLduPGbcN89uBFuC6IkdBUEguUnP/P118GI+eDZy
NPnTEmdJ9cI=
=lQtX
-----END PGP SIGNATURE-----
References: