Re: Discussion of an app-layer API for IPsec

> Unless IPSec has a really good story to tell appliccations about the advantages
> that will accrue from its use as well as some indication that it will actually
> deploy in a fashion that's usable by applications, I despair of getting
> applications people fired up about it.

If the good story exists, I suspect it is in the ability to use the same authentication 
credentials be verifiable by the endpoints as well as the network.  i.e. the same IPsec 
credentials could be used at multiple points in the path from end to end. ideally,
one set of credentials would suffice for the entire path, even though it crossed
multiple administrative realms.

my admittedly weak understanding of this indicates that it would require making
cross-realm authentication (and cross-realm trust) scalable.  which sounds more 
like a research problem to me than an engineering exercise.  but I'd love to hear 


Received on Tuesday, 15 May 2001 00:28:03 UTC