
Re: revised IPsec processing model





Stephen Kent wrote:

> Joe,
> 
> I believe the bottom line here is that you view situations where dynamic 
> routing will affect the choice of an SPD as common, whereas many of us 
> view them as relatively rare.  We each have our own models of common vs. 
> rare operation and there is probably no point in debating further which 
> is more common in what context and/or at what time (now vs. future).

Steve,

An IP security architecture ought to support IP, which includes dynamic 
routing. Dynamic routing necessarily involves overlapping traffic 
selectors; it is a disservice to assert this is a mere 'difference of 
opinions'.

> As I revise the processing model to take into account the comments I 
> have received, I will try to reword it to be as clear as possible about 
> the security implications associated with different assumptions about 
> routing tables and the extent to which they may change without secure 
> intermediation, as the security implications of such changes.

That is a good first step, but I remain concerned about whether this 
realization/clarification warrants other, more significant changes.

Joe