Re: Discussion of an app-layer API for IPsec

From: Keith Moore <moore@cs.utk.edu>
Date: Tue, 15 May 2001 00:27:24 -0400
Message-Id: <200105150427.AAA00399@astro.cs.utk.edu>
To: ned.freed@mrochek.com
cc: Paul Hoffman / IMC <phoffman@imc.org>, Alexey Melnikov <mel@messagingdirect.com>, Keith Moore <moore@cs.utk.edu>, discuss@apps.ietf.org
> Unless IPSec has a really good story to tell applications about the advantages
> that will accrue from its use as well as some indication that it will actually
> deploy in a fashion that's usable by applications, I despair of getting
> applications people fired up about it.

If the good story exists, I suspect it is in the ability to have the same authentication
credentials be verifiable by the endpoints as well as the network.  i.e. the same IPsec
credentials could be used at multiple points in the path from end to end. ideally,
one set of credentials would suffice for the entire path, even though it crossed
multiple administrative realms.

my admittedly weak understanding of this indicates that it would require making
cross-realm authentication (and cross-realm trust) scalable.  which sounds more 
like a research problem to me than an engineering exercise.  but I'd love to hear 
otherwise.

Keith
Received on Tuesday, 15 May 2001 00:28:03 GMT