Firewall Wizards mailing list archives
Re: IPsec and firewalls
From: Ted Doty <ted () iss net>
Date: Mon, 09 Feb 1998 09:58:04 -0500
At 11:26 AM 2/6/98 -0600, Aleph One wrote:
> Actually, IPsec does separate authentication from confidentiality (RFC1827 and RFC1826). I was just talking to someone about this at USENIX. I see a market for someone that implements an ISAKMP daemon that supports transferring keys to a trusted third party. Of course this brings you all the same headaches that Kerberos does, having to maintain a secured machine with possibly all session keys, but hopefully your firewall maintains that level of security so it should not add many more risks. Probably any such protocols between the ISAKMP server and the firewall should be standardized by an RFC. Anyone have any comments?
The folks working on Secure DNS have been grappling with this issue for a while. The idea is to include not only the IP address of the destination, but its public key as well. You're right in that securing a Key Distribution Center is non-trivial, and this adds an interesting new twist on DNS cache poisoning, but DNS has the advantage of being widely deployed and fairly well understood.

- Ted
--------------------------------------------------------------
Ted Doty, Internet Security Systems | Phone: +1 770 395 0150
41 Perimeter Center East            | Fax:   +1 770 395 1972
Atlanta, GA 30346 USA               | Web:   http://www.iss.net
--------------------------------------------------------------
PGP key fingerprint: 362A EAC7 9E08 1689 FD0F E625 D525 E1BE