- From: Keith Moore <moore@cs.utk.edu>
- Date: Tue, 15 May 2001 00:27:24 -0400
- To: ned.freed@mrochek.com
- cc: Paul Hoffman / IMC <phoffman@imc.org>, Alexey Melnikov <mel@messagingdirect.com>, Keith Moore <moore@cs.utk.edu>, discuss@apps.ietf.org
> Unless IPSec has a really good story to tell appliccations about the advantages > that will accrue from its use as well as some indication that it will actually > deploy in a fashion that's usable by applications, I despair of getting > applications people fired up about it. If the good story exists, I suspect it is in the ability to use the same authentication credentials be verifiable by the endpoints as well as the network. i.e. the same IPsec credentials could be used at multiple points in the path from end to end. ideally, one set of credentials would suffice for the entire path, even though it crossed multiple administrative realms. my admittedly weak understanding of this indicates that it would require making cross-realm authentication (and cross-realm trust) scalable. which sounds more like a research problem to me than an engineering exercise. but I'd love to hear otherwise. Keith
Received on Tuesday, 15 May 2001 00:28:03 UTC