W3C home > Mailing lists > Public > ietf-discuss@w3.org > May 2001

Re: Discussion of an app-layer API for IPsec

From: Keith Moore <moore@cs.utk.edu>
Date: Tue, 15 May 2001 00:27:24 -0400
Message-Id: <200105150427.AAA00399@astro.cs.utk.edu>
To: ned.freed@mrochek.com
cc: Paul Hoffman / IMC <phoffman@imc.org>, Alexey Melnikov <mel@messagingdirect.com>, Keith Moore <moore@cs.utk.edu>, discuss@apps.ietf.org
> Unless IPSec has a really good story to tell appliccations about the advantages
> that will accrue from its use as well as some indication that it will actually
> deploy in a fashion that's usable by applications, I despair of getting
> applications people fired up about it.

If the good story exists, I suspect it is in the ability to use the same authentication 
credentials be verifiable by the endpoints as well as the network.  i.e. the same IPsec 
credentials could be used at multiple points in the path from end to end. ideally,
one set of credentials would suffice for the entire path, even though it crossed
multiple administrative realms.

my admittedly weak understanding of this indicates that it would require making
cross-realm authentication (and cross-realm trust) scalable.  which sounds more 
like a research problem to me than an engineering exercise.  but I'd love to hear 

Received on Tuesday, 15 May 2001 00:28:03 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:08:12 UTC