
RE: SOI QUESTION: 5.2 Scope of proposals




> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com 
> [mailto:owner-ipsec@lists.tislabs.com]
> On Behalf Of Michael Richardson
> 
> >>>>> "Theodore" == Theodore Ts'o <tytso@mit.edu> writes:
>     Theodore> 5.2.A) Is it important to have predefined suites or a la carte
>     Theodore> selection of parameters?
> 
>   Predefined suites.
>   They are easier to program, easier to optimize, and easier to
> analyze.
> 

Definitely!

>   The combinatorics do *NOT* concern me, because the effort of the 
> combinatorics of the testing exceeds any "hassle" in writing a couple 
> more RFCs.
> 
>   Predefined suites are better for pretty much every scenario.
> 
>   We NEED a MUST suite for end-to-end security to work.

I don't completely agree.

What you NEED is a centralized management for e2e security to work. A
MUST suite only solves part of the e2e problem. Using the centralized
management, you can always ensure that host policies and suites are in
sync. 


> We need a backup
> suite to transition to should the initial suite turn out to be broken.
> 

If you know specifically what might turn out to be broken, one backup
will suffice. Otherwise you will need more than one backup.........

Regards,
Jayant
www.trlokom.com