
Re: Issue# 1-Security Policy Definition



In message <399C3D46.179E716F@xxxxxxxxxxxxxxxxxx>, "Abdallah Rayhan" writes:
>Issue# 1-Security Policy Definition
>
>What is the policy that we are trying to address here?
>
>   1-Is it a pre-IKE/IPSec initialization process, e.g.,
>     the SA parameters needed to make IKE/IPSec run
>     smoothly (pre-IKE interoperability)?

Yes, but as a side-effect of (2).

>   2-Resolving the tunneling issues of IKE/IPSec? e.g.,
>     how to build IPSec tunnels across multiple gateways?

This is the main goal of the WG as specified in the charter.

>   3-Defining IPsec-gateway traversal policy? e.g.,
>     allow certain policy (filtering rules) to be
>     defined on the fly and enforced on the IPSec
>     packets traversing certain gateways (open
>     pinholes in the gateway for particular
>     applications)!

I'm not sure what you mean here (in particular, how it's different from (2)
in any significant way).

>   4-Providing low-level policy infrastructure to
>     facilitate installing network (high-level) policies
>     into network devices? In this case, what is the
>     difference between the two? e.g., provisioning,
>     and how to map the two?

We are not touching high level policy in this WG. At all.
-Angelos