Re: SPD policy document/article
At 2:10 PM -0800 11/21/02, Wes Hardaker wrote:
> >>>>> On Thu, 21 Nov 2002 19:13:59 +0530, Lokesh
><lokeshnb@intotoinc.com> said:
>
>lokeshnb> I'm looking for a document or article where all of an SPD
>lokeshnb> policy's complexities and intricacies are explained in
>lokeshnb> better detail. If there is one please let me know the link.
>lokeshnb> Basically, I'm looking for configuration and behavior of SPD
>lokeshnb> and IPSec that generate
>
>Lokesh,
>
>The IPSP working group has done a lot of work in this area to define
>what a security policy database should contain. Specifically, they've
>produced a conceptual data model and an SNMP MIB and a COPS PIB for
>actually manipulating that data model on the network. A publicly
>available reference release of the MIB for Linux (and a policy
>management server which should work on any server) has been written
>and is available from net-policy.sourceforge.net (though at this
>moment, some of the sourceforge servers are apparently down).
>I strongly recommend you look at the documents that the IPSP group
>have written (and the DMTF's UML diagrams of the same model).
>
>--
>Wes Hardaker
>Network Associates Laboratories
Wes,
RFC 2401 establishes the standard for the minimum required data
elements for the SPD used in IPsec, and then defines how a conformant
IPsec implementation uses this data. So, I assume your comments are
referring to other protocols, right?
Steve