Sciweavers

SPW
2005
Springer

Experiences with Host-to-Host IPsec

14 years 6 months ago
Experiences with Host-to-Host IPsec
This paper recounts some lessons that we learned from the deployment of host-to-host IPsec in a large corporate network. Several security issues arise from mismatches between the different identifier spaces used by applications, by the IPsec security policy database, and by the security infrastructure (X.509 certificates or Kerberos). Mobile hosts encounter additional problems because private IP addresses are not globally unique, and because they rely on an untrusted DNS server at the visited network. We also discuss a feature interaction in an enhanced IPsec firewall mechanism. The potential solutions are to relax the transparency of IPsec protection, to put applications directly in charge of their security and, in the long term, to redesign the security protocols not to use IP addresses as host identifiers.
Tuomas Aura, Michael Roe, Anish Mohammed
Added 28 Jun 2010
Updated 28 Jun 2010
Type Conference
Year 2005
Where SPW
Authors Tuomas Aura, Michael Roe, Anish Mohammed
Comments (0)