Re: Security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 15 Oct 2002 12:56:48 EDT, "Choudhary, Abdur R (Rahim)" <arc@lucent.com>  said:

> It would seem to make sense if there were a Security Policy working group;
> and IPSec Policy would extend that work as a particular instance. It is just as
> the Policy Framework is extended (particularized) by the IPSec Policy or QoS
> Policy. This would determine a bigger scope for Security work at IP layer but
> not tie it, at the outset, to a particular protocol like IPSec at that layer.

Security at layers lower than where IPSec runs is an "interesting" problem,
as you run into issues like "how to do ARP securely" and physical security.
You didn't find any security groups for higher layers because you obviously
missed TLS/SSL, the SSH protocols, S/MIME, and things like that.

The reason there's only IPSec at its level is because having two competing
ways to do it there is probably counterproductive (even at higher levels,
the only reason there's both OpenPGP and S/MIME is because the two have
radically different trust models).

Another reason why you only see IPSec at that level is because it's mostly a
"done deal" - the Internet has decided that IPSec is the way to provide the
functions it provides.  You tuned in about 5 years too late to see the competing
proposals that have since evaporated in the mists of time...
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

Attachment: pgp00131.pgp
Description: PGP signature


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]