
Re: Security

2002-10-15 11:50:54
On Tue, 15 Oct 2002 12:56:48 EDT, "Choudhary, Abdur R (Rahim)" 
<arc(_at_)lucent(_dot_)com>  said:

It would seem to make sense if there were a Security Policy working group;
and IPSec Policy would extend that work as a particular instance. It is just
as the Policy Framework is extended (particularized) by the IPSec Policy or
QoS Policy. This would determine a bigger scope for Security work at IP layer
but not tie it, at the outset, to a particular protocol like IPSec at that
layer.

Security at layers lower than where IPSec runs is an "interesting" problem,
as you run into issues like "how to do ARP securely" and physical security.
You didn't find any security groups for higher layers because you obviously
missed TLS/SSL, the SSH protocols, S/MIME, and things like that.

The reason there's only IPSec at its level is because having two competing
ways to do it there is probably counterproductive (even at higher levels,
the only reason there's both OpenPGP and S/MIME is because the two have
radically different trust models).

Another reason why you only see IPSec at that level is because it's mostly a
"done deal" - the Internet has decided that IPSec is the way to provide the
functions it provides.  You tuned in about 5 years too late to see the competing
proposals that have since evaporated in the mists of time...
-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech
