Re: compare-jfk-sigma.txt

[Michael Richardson <mcr@sandelman.ottawa.on.ca>]

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Markku" == Markku Savela <msa@burp.tkv.asdf.org> writes:
    Markku> I assume a host has a policy database which is maintained by the USER
    Markku> of the host. This user decides what policies apply to his/her host!

  If we had that level of coordination then we wouldn't even need a key manager.

    Markku> For example,

    Markku>    if there is a web server (= 10.0.0.1) that requires ESP (3DES) to
    Markku>    access the pages, then user *ADDS* the following line to the policy
    Markku>    database

  So, you are proposing HOSTS.TXT. let's preconfigure everything.

  Forget about distributing policy, or discovering you. You figure we have
time/memory/knowledge to configure policy for all 2^32 (2^128 in v6) hosts
out there. 

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys

iQCVAwUBPBkgGoqHRg3pndX9AQF87gP/S/TUM/aP3GGcFnawl9trRl+83pZpQiR2
iZ7rMSPrvpfH1RLmxFHFrWDzmTJsjfk8OZdAYNyFeLFz+3AaIC4HZrLBWzCYdjHp
HJrUPQ/igY5jBjvY/oZiY9oHkLduPGbcN89uBFuC6IkdBUEguUnP/P118GI+eDZy
NPnTEmdJ9cI=
=lQtX
-----END PGP SIGNATURE-----

---

References:

• Re: compare-jfk-sigma.txt
• From: Markku Savela <msa@burp.tkv.asdf.org>

---

• Prev by Date: RE: IKEv2 and NAT traversal
• Next by Date: IKEv2 traffic selector subsetting.
• Prev by thread: Re: compare-jfk-sigma.txt
• Next by thread: Re: compare-jfk-sigma.txt
• Index(es):
  • Main
  • Thread