Colloquium Details

Why IPsec is Problematic for Applications other than VPN's

Author: Jonathan Trostle, Security Consultant
Date: January 30, 2003
Time: 15:30
Location: 220 Deschutes

Abstract

This talk focuses on the Internet Protocol Security (IPsec) policy mapping problem: given an outbound packet originated on the local host, how does the network layer decide whether IPsec should be applied to the packet? More generally, how does one ensure correct mappings between application-level identifiers and network-layer identifiers? Although DNSSEC is one tool that can be applied here, it is neither necessary nor sufficient. We describe some results for new techniques that can be used for some legacy applications to partially or completely solve the IPsec policy mapping problem. We show how the set of current IPsec policy parameters can be usefully expanded. Finally, we summarize the environments where IPsec is being used today and discuss which IPsec policy mapping techniques are most appropriate for these environments.