
RE: Evaluation: draft-ietf-sigtran-security - Security Considerations for SIGTRAN Protocols to Proposed Standard



>                     Yes    No-Objection  Discuss *  Abstain  
> Bert Wijnen         [   ]     [   ]       [ X ]      [   ]

On page 9 I read (2nd para):
   Note that IPSec is considerably less flexible than TLS when it comes
   to configuring root CAs. Since use of Port identifiers is prohibited
   within IKE Phase 1, within IPSec it is not possible to uniquely
   configure trusted root CAs for each application individually; the
>> same policy must be used for all applications. This implies, for
>> example, that a root CA trusted for use with a SIGTRAN protocol must
>> also be trusted to protect SNMP. These restrictions can be awkward at
   best. 

I have marked a few lines with >>
Can someone explain to me how it "implies" or "follows" that the
SIGTRAN protocol must also be trusted to protect SNMP? I guess I cannot
find the proper context as to how SNMP plays a role here.

Bert