[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Public Keys to initiate IPsec.
Eric,
It sounds like you want to assign some name to an app that will be
meaningful to folks trying to reach a set of apps, and which can be
configured into the SPDs to the clients trying to reach the apps.
Presumably this is for IPsec implementations in end systems, not
gateways. Is there some way for a client to assert which app it is
trying to contact, or is the client restructed to contacting only
those apps that are listed in its SPD? Absent one or the other of
these measures it seems unlikely that IPsec can control access (from
the client perspective) in a meaningful way. You've explained some
things about mechanisms constraints, but I'm not sure I understand
the security goals of using Ipsec here, which makes it hard to figure
out what solutions might be applicable.
Steve