RE: Public Keys to initiate IPsec.



Eric,

It sounds like you want to assign some name to an app that will be 
meaningful to folks trying to reach a set of apps, and which can be 
configured into the SPDs to the clients trying to reach the apps. 
Presumably this is for IPsec implementations in end systems, not 
gateways. Is there some way for a client to assert which app it is 
trying to contact, or is the client restricted to contacting only 
those apps that are listed in its SPD? Absent one or the other of 
these measures it seems unlikely that IPsec can control access (from 
the client perspective) in a meaningful way. You've explained some 
things about mechanism constraints, but I'm not sure I understand 
the security goals of using IPsec here, which makes it hard to figure 
out what solutions might be applicable.


Steve