[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ICIM: comment on IPsecPolicyGroup
See below:
This is all very good since I see a clear mapping with this approach to
the approach we are using in the SNMP Policy (CONF) area. Specifically
we can say that a service (keyManagment) might need several technogoies
to be realized or could, depending on circumstance use different ones.
/jon
> ANSI has a very broad approach X9.69 called Key Management Extensions...you
> may want to take a look.
>
> Jay Wack: CTO Tecsec 703 506 9069 x112
>
> -----Original Message-----
> From: Ricky Charlet [mailto:rcharlet@xxxxxxxxxxxx]
> Sent: Tuesday, January 09, 2001 7:38 PM
> To: .ipsec-policy
> Subject: ICIM: comment on IPsecPolicyGroup
>
>
> Howdy,
>
> IPsecPolciyGroup binds together an IKERule and and IPsecRule. I'd
> like
> to see a layer of abstraction introduced, namely a KeyManagementRule.
> Then under keyManagementRule, we could use IKE for KM services if we
> wanted, but we could also use kerberose, or son-of-ike or manually
> entered keys, or....
>
> --
> Ricky Charlet : Redcreek Communications : usa (510) 795-6903
Thanks,
/jon
--
Jon Saperia saperia@xxxxxxxxxxx
Phone: 617-744-1079
Fax: 617-249-0874
http://www.jdscons.com/