Re: [anonsec] review comments on draft-ietf-btns-prob-and-applic-06.txt

Stephen Kent <kent@bbn.com> Mon, 14 January 2008 19:33 UTC

Mime-Version: 1.0
Message-Id: <p06240518c3b166bb1281@[192.168.0.101]>
In-Reply-To: <20080112000019.GX810@Sun.COM>
References: <p0624051cc3a83920cdf2@[128.89.89.71]> <20080112000019.GX810@Sun.COM>
Date: Mon, 14 Jan 2008 14:25:53 -0500
To: Nicolas Williams <Nicolas.Williams@sun.com>
From: Stephen Kent <kent@bbn.com>
Cc: anonsec@postel.org, ietf@ietf.org
Subject: Re: [anonsec] review comments on draft-ietf-btns-prob-and-applic-06.txt

At 6:00 PM -0600 1/11/08, Nicolas Williams wrote:
>...
>
>Finally, multi-user systems may need to authenticate individual users to
>other entities, in which case IPsec is inapplicable[*].  (I cannot find
>a mention of this in the I-D, not after a quick skim.)
>
>[*] At least to my reading of RFC4301, though I see no reason why a
>     system couldn't negotiate narrow SAs, each with different local IDs
>     and credentials, with other peers.  But that wouldn't help
>     applications that multiplex messages for many users onto one TCP
>     connection (e.g., NFS), in which case even if my reading of RFC4301
>     is wrong IPsec is still not applicable for authentication.

IPsec has always allowed two peers to negotiate multiple SAs between 
them, e.g., on a per-TCP connection basis. IPsec does support 
per-user authentication if protocol ID and port pairs can be used to 
distinguish the sessions for different users. So, if you want to 
restrict the cited motivation to applications that multiplex 
different users onto a single TCP/UDP session, that would be accurate.

Steve
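As an added illustration of the selector point in Steve's reply (this is not code from the thread or from any IPsec implementation): a small Python model of an RFC 4301-style SPD with constructed addresses, ports and identities, showing that narrow per-connection SAs distinguished by protocol ID and port can carry a per-user identity, while a single multiplexed NFS connection can only be bound to one host-level identity.

```python
"""RFC 4301-style SPD selector model (constructed example)."""
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ANY = None  # wildcard for the protocol and port selector fields
Packet = namedtuple("Packet", "src dst proto sport dport")  # proto 6 = TCP

@dataclass(frozen=True)
class Selector:
    """Traffic selector: address prefixes plus protocol ID and port fields."""
    local_net: str
    remote_net: str
    proto: Optional[int] = ANY
    local_port: Optional[int] = ANY
    remote_port: Optional[int] = ANY

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.local_net)
                and ip_address(pkt.dst) in ip_network(self.remote_net)
                and self.proto in (ANY, pkt.proto)
                and self.local_port in (ANY, pkt.sport)
                and self.remote_port in (ANY, pkt.dport))

class SPD:
    """Ordered security policy database; the first matching entry wins."""
    def __init__(self) -> None:
        self.entries: List[Tuple[Selector, str]] = []

    def add(self, sel: Selector, local_id: str) -> None:
        # local_id: identity authenticated when the SA for this entry was negotiated
        self.entries.append((sel, local_id))

    def identity_for(self, pkt: Packet) -> Optional[str]:
        for sel, local_id in self.entries:
            if sel.matches(pkt):
                return local_id
        return None  # no matching policy entry

def build_demo_spd() -> SPD:
    spd = SPD()
    # alice's and bob's TCP sessions use distinct source ports, so each gets a
    # narrow SA negotiated under that user's own identity (constructed values)
    spd.add(Selector("10.0.0.1/32", "10.0.0.2/32", 6, 40001, 22), "alice@hostA")
    spd.add(Selector("10.0.0.1/32", "10.0.0.2/32", 6, 40002, 22), "bob@hostA")
    # one NFS TCP connection carries every user's RPCs: only a host identity fits
    spd.add(Selector("10.0.0.1/32", "10.0.0.2/32", 6, ANY, 2049), "hostA")
    return spd
```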