
Re: SOI QUESTIONS: 2.3 Authentication styles



Excerpt of message (sent 19 June 2002) by Chinna N.R. Pellacuru:
> As I saw it, a minority of implementors who build high end security
> gateways, complained about not just the value of minimal access control in
> IPsec, but also about the inefficiency of doing this in IPsec and having
> to do it in the firewall feature processing anyway (because firewall
> provides extensive and true access control and intrusion detection).

As one who worked on a product that arguably fits in this category,
I'd have to disagree.  There certainly is overlap between the
classification processes done in IPsec, in firewalls, in traffic
managers, and so on.  That doesn't mean things have to be
inefficient.  Instead, it means you have the opportunity to provide
all three functions through a single classification step.  That
requires more care in implementation, but it certainly is possible.

	 paul
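
One way to picture the single classification step described in the reply above, as an added illustration that is not code from the message or from any product. The rule layout, the names and the sample policy are all assumptions: each merged rule carries the IPsec action, the firewall verdict and the traffic class together, so one lookup serves all three functions.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration: every name and rule below is hypothetical. */
enum ipsec_act { IPSEC_BYPASS, IPSEC_PROTECT, IPSEC_DISCARD };
enum fw_act    { FW_DENY, FW_ALLOW };

/* One merged rule: a single selector, three results. */
struct rule {
    uint32_t src, src_mask, dst, dst_mask;  /* IPv4, host byte order */
    uint16_t dport_lo, dport_hi;            /* inclusive port range */
    uint8_t  proto;                         /* 0 matches any protocol */
    enum ipsec_act ipsec;                   /* IPsec policy action */
    enum fw_act    fw;                      /* firewall verdict */
    uint8_t        qos_class;               /* traffic-manager class */
};

struct verdict { enum ipsec_act ipsec; enum fw_act fw; uint8_t qos_class; };

/* Constructed sample policy; first match wins. */
static const struct rule table[] = {
    /* 10.1.0.0/16 -> 10.2.0.0/16 TCP/443: protect, allow, class 1 */
    { 0x0A010000u, 0xFFFF0000u, 0x0A020000u, 0xFFFF0000u, 443, 443, 6,
      IPSEC_PROTECT, FW_ALLOW, 1 },
    /* any -> 10.2.0.0/16 UDP/53: bypass, allow, class 2 */
    { 0, 0, 0x0A020000u, 0xFFFF0000u, 53, 53, 17, IPSEC_BYPASS, FW_ALLOW, 2 },
};

/* One pass over the table yields all three decisions; no match fails closed. */
struct verdict classify(uint32_t src, uint32_t dst, uint16_t dport, uint8_t proto)
{
    struct verdict v = { IPSEC_DISCARD, FW_DENY, 0 };
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        const struct rule *r = &table[i];
        if ((src & r->src_mask) != r->src) continue;
        if ((dst & r->dst_mask) != r->dst) continue;
        if (r->proto != 0 && r->proto != proto) continue;
        if (dport < r->dport_lo || dport > r->dport_hi) continue;
        v.ipsec = r->ipsec; v.fw = r->fw; v.qos_class = r->qos_class;
        break;
    }
    return v;
}
```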