[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ipsec] Specification of BGP IPsec policy

To: "William Dixon" <ietf-wd@v6security.com>
Subject: Re: [Ipsec] Specification of BGP IPsec policy
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Fri, 23 Apr 2004 10:31:36 -0700
Cc: ipsec@lists.tislabs.com
In-reply-to: Message from "William Dixon" <ietf-wd@v6security.com> of "Wed, 21 Apr 2004 17:26:44 EDT." <200404212128.i3LLS1xe022580@rs9.luxsci.com>
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: IP Security <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>,<mailto:ipsec-request@ietf.org?subject=unsubscribe>
References: <200404212128.i3LLS1xe022580@rs9.luxsci.com>
Sender: ipsec-admin@ietf.org

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "William" == William Dixon <ietf-wd@v6security.com> writes:
    William> The reason I ask is because the UK NISCC guidance says "use
    William> IPsec".

    William> http://www.uniras.gov.uk/vuls/2004/236929/index.htm

  William, to "use IPsec", you have to bilaterally agree to do so.
As such, one can decide about the SPD along with the keying material or
method. If if is all within an enterprise, then perhaps they can put it
into a policy directory of some kind as well.

  One can also say bilaterally agree to "use IPsec Opportunistic
Encryption" (or just let people know your router supports it on your IX
list), in which case, all those details are *ALSO* already specified.

    William> I'm surprised that with such initial coordination, a
    William> specification of HOW to use IPsec wasn't offered in the
    William> bulletin.

  Because it isn't necessary.

- --
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQIlS94qHRg3pndX9AQG2CgQArFV0VOBbCe7jvXMzI52Ii87V4oqso1hk
6LVC1QDWnWxVzvTW12/KKBkFfZ2koav+WJUKbrETbJEy6c/bQTL/eBEdP+RzlByG
ZZQNMR08hYFI50+TmO2tN5mpuXnosTflWEClHk33QWg76Y1HDBnVYgr/WGKTz4ac
cZcZD5nT3Tk=
=19pA
-----END PGP SIGNATURE-----

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec

Follow-Ups:
- RE: [Ipsec] Specification of BGP IPsec policy
  - From: "William Dixon" <ietf-wd@v6security.com>

References:
- RE: [Ipsec] Specification of BGP IPsec policy
  - From: "William Dixon" <ietf-wd@v6security.com>

Prev by Date: RE: [Ipsec] Specification of BGP IPsec policy
Next by Date: [Ipsec] Re: Failure
Previous by thread: RE: [Ipsec] Specification of BGP IPsec policy
Next by thread: RE: [Ipsec] Specification of BGP IPsec policy
Index(es):
- Date
- Thread