[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: SOI QUESTION: 5.2 Scope of proposals
> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]
> On Behalf Of Michael Richardson
>
> >>>>> "Theodore" == Theodore Ts'o <tytso@mit.edu> writes:
> Theodore> 5.2.A) Is it important to have predefined suites or a la
> carte
> Theodore> selection of
> Theodore> parameters?
>
> Predefined suites.
> They are easier to program, easier to optomize, and easier to
> analyze.
>
Definitely!
> The combinatorics do *NOT* concern me, because the effort of the
> combinatorics of the testing exceeds any "hassle" in writing a couple
> more RFCs.
>
> Predefined suites are better for pretty much every scenarios.
>
> We NEED a MUST suite for end-to-end security to work.
I don't completely agree.
What you NEED is a centralized management for e2e security to work. A
MUST suite only solves part of the e2e problem. Using the centralized
management, you can always ensure that host policies and suits are in
sync.
> We need a backup
> suite to transition to should the initial suite turn out to be broken.
>
If you know specifically what might turn out to be broken, one backup
will suffice. Otherwise you will need more than one backup.........
Regards,
Jayant
www.trlokom.com