Experiences with Host-to-Host IPsec
I am going to talk about some problems with IPSec, especially about how IPSec policies are specified, and whether that matches the kind of security requirements we had in the beginning, and which were why we introduced IPSec. Maybe everyone is familiar with IPSec, but it might be useful to have the same kind of picture in mind, because you can look at these things from various points of view.
Most of the research in the past has been on things like, is this security protocol secure, is this authenticated key exchange protocol secure. In this talk I am just going to assume that you have some authenticated key exchange protocol and that it is secure. Also there’s been lots of work on the cryptographic algorithms: is this encryption (or Mac) the most efficient and the most secure one known, or the best compromise between the two. And that’s another thing that I’m not going to talk about, I shall just assume it happens. I’m more interested in the architectural type of thing, like the security policy and how it is specified.
Unable to display preview. Download preview PDF.