RE: Public Keys to initiate IPsec.



Eric,

It sounds like you want to assign some name to an app that will be meaningful to folks trying to reach a set of apps, and which can be configured into the SPDs to the clients trying to reach the apps. Presumably this is for IPsec implementations in end systems, not gateways. Is there some way for a client to assert which app it is trying to contact, or is the client restricted to contacting only those apps that are listed in its SPD? Absent one or the other of these measures, it seems unlikely that IPsec can control access (from the client perspective) in a meaningful way. You've explained some things about mechanism constraints, but I'm not sure I understand the security goals of using IPsec here, which makes it hard to figure out what solutions might be applicable.


Steve