
RE: Is TS agreement necessary?



At 5:13 PM -0800 4/3/02, Rajesh Mohan wrote:
>  >
>>  we designed IPsec to not have to trust peers to do the right thing.
>>  we adopted a defensive posture consistent with the security principle
>>  of least privilege.  I'm not sure how to interpret your comments
>>  relative to this well known security principle.
>>
>
>I think we are imposing the trust model on the end users here. It 
>should be configurable. If the administrator chooses to trust the
>peer, then there should be a way to configure it.
>
>If we do not allow, people will work around it. For example, if it is
>required, people will do IP in IP with the gateways as selectors.
>
>
>-Rajesh M

Good security engineering dictates mutual suspicion in contexts such as these.

This is not a "trust model" in a PKI sense.

Steve