[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [saag] Re:

To: "Hannes Tschofenig" <Hannes.Tschofenig@mchp.siemens.de>, "Melinda Shore" <mshore@cisco.com>
Subject: Re: [saag] Re:
From: "Prof. Ahmed Bin Abbas Ahmed Ali Adas" <alaadas@kaau.edu.sa>
Date: Thu, 30 May 2002 00:44:44 +0300
Cc: "IPsec" <ipsec@lists.tislabs.com>, "Security_Area_Advisory_Group" <saag@mit.edu>
References: <5.1.0.14.0.20020529094532.00ab6b90@localhost> <5.1.0.14.0.20020529100110.00aad1b0@localhost>
Sender: owner-ipsec@lists.tislabs.com

Hi

The best approach in my view is to use CORBA and CORBsec to deal with path
messages, I believe if CORBA routers can be realized very soon, most of your
IPsec shortcomings will be resolved.

Ahmed
----- Original Message -----
From: "Melinda Shore" <mshore@cisco.com>
To: "Hannes Tschofenig" <Hannes.Tschofenig@mchp.siemens.de>
Cc: "IPsec" <ipsec@lists.tislabs.com>; "Security_Area_Advisory_Group"
<saag@mit.edu>
Sent: Wednesday, May 29, 2002 5:06 PM
Subject: RE: [saag] Re:


> At 03:59 PM 5/29/02 +0200, Hannes Tschofenig wrote:
> >do you think that the hop-by-hop security in rsvp is a good or a bad
thing?
> >should there be more than what is currently provided?
>
> There needs to be more than what is currently provided,
> but, as always, there's a big keying/cert problem, particularly
> in a multi-"domain" environment.  I don't think the threat
> environment is particularly well-understood (I've seen your
> NSIS draft but haven't gone through it in detail).  Clearly
> IPSec is not the right answer for Path messages, however,
> because while the addressing is end-to-end the payload
> contents do change as the packet transits participating
> routers.
>
> Melinda
>

References:
- RE: [saag] Re:
  - From: Melinda Shore <mshore@cisco.com>
- RE: [saag] Re:
  - From: Melinda Shore <mshore@cisco.com>

Prev by Date: Re: ipsec to secure rsvp
Next by Date: Re: addresses and IKEv2
Prev by thread: RE: [saag] Re:
Next by thread: Re: [saag] Re:
Index(es):
- Date
- Thread