[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SOI QUESTIONS: 2.3 Authentication styles
On Wed, 19 Jun 2002, Henry Spencer wrote:
> On Wed, 19 Jun 2002, Chinna N.R. Pellacuru wrote:
> > As I saw it, a minority of implementors who build high end security
> > gateways, complained about not just the value of minimal access control in
> > IPsec, but also about the inefficiency of doing this in IPsec and having
> > to do it in the firewall feature processing anyway (because firewall
> > provides extensive and true access control and intrution detection).
>
> As has been noted before, the IPsec standards specify the results, not the
> implementation, and there is no reason why the filtering called for by the
> IPsec specifications can't be done by a firewall mechanism. There is *no*
> requirement that the filtering be located within some arbitrary box
> labeled "IPsec", so long as it gets done somewhere.
>
> Henry Spencer
> henry@spsystems.net
Is that the majority opinion? The WG consensus? Do, most regular
contributors to this forum agree to this?
thanks,
chinna