[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOI QUESTIONS: 2.3 Authentication styles

To: IP Security List <ipsec@lists.tislabs.com>
Subject: Re: SOI QUESTIONS: 2.3 Authentication styles
From: Henry Spencer <henry@spsystems.net>
Date: Wed, 19 Jun 2002 20:38:22 -0400 (EDT)
In-Reply-To: <Pine.GSO.4.44.0206191634230.6314-100000@irp-view5.cisco.com>
Sender: owner-ipsec@lists.tislabs.com

On Wed, 19 Jun 2002, Chinna N.R. Pellacuru wrote:
> As I saw it, a minority of implementors who build high end security
> gateways, complained about not just the value of minimal access control in
> IPsec, but also about the inefficiency of doing this in IPsec and having
> to do it in the firewall feature processing anyway (because firewall
> provides extensive and true access control and intrution detection).

As has been noted before, the IPsec standards specify the results, not the
implementation, and there is no reason why the filtering called for by the
IPsec specifications can't be done by a firewall mechanism.  There is *no*
requirement that the filtering be located within some arbitrary box
labeled "IPsec", so long as it gets done somewhere. 

                                                          Henry Spencer
                                                       henry@spsystems.net

Follow-Ups:
- Re: SOI QUESTIONS: 2.3 Authentication styles
  - From: "Chinna N.R. Pellacuru" <pcn@cisco.com>

References:
- Re: SOI QUESTIONS: 2.3 Authentication styles
  - From: "Chinna N.R. Pellacuru" <pcn@cisco.com>

Prev by Date: Re: SOI QUESTIONS: 2.3 Authentication styles
Next by Date: Re: SOI QUESTIONS: 2.3 Authentication styles
Prev by thread: Re: SOI QUESTIONS: 2.3 Authentication styles
Next by thread: Re: SOI QUESTIONS: 2.3 Authentication styles
Index(es):
- Date
- Thread