This paper recounts some lessons that we learned from the deployment of host-to-host IPsec in a large corporate network. Several security issues arise from mismatches between the different identifier spaces used by applications, by the IPsec security policy database, and by the security infrastructure (X.509 certificates or Kerberos). Mobile hosts encounter additional problems because private IP addresses are not globally unique, and because they rely on an untrusted DNS server at the visited network. We also discuss a feature interaction in an enhanced IPsec firewall mechanism. The potential solutions are to relax the transparency of IPsec protection, to put applications directly in charge of their security and, in the long term, to redesign the security protocols not to use IP addresses as host identifiers. © Springer-Verlag Berlin Heidelberg 2007.
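The identifier mismatch the abstract describes, as an added toy model that is not code from the paper: the policy database selects by IP address, the authenticated peer identity is a name from the security infrastructure, and only the application knows which DNS name it meant. All addresses, hostnames and network labels below are constructed sample values.

```python
"""Toy model of the identifier-space mismatch between the IPsec SPD (IP addresses),
the authenticated peer identity (certificate name) and the application (DNS name)."""

# Security policy database keyed by destination-address selector (constructed sample).
SPD = {
    "10.1.2.3": "require-esp",  # private address of the home-network file server
    "10.1.2.4": "require-esp",
}

# Authenticated identity that peer authentication yields for the host actually
# answering at an address on each network (constructed). The same private address
# is reused on the visited network by an unrelated host.
PEERS_BY_NETWORK = {
    "corporate": {"10.1.2.3": "fileserver.corp.example"},
    "visited": {"10.1.2.3": "printer.cafe.example"},
}


def ipsec_decision(dst_ip, network):
    """Return (policy, authenticated peer name) as transparent IPsec sees it."""
    policy = SPD.get(dst_ip, "bypass")
    peer = PEERS_BY_NETWORK[network].get(dst_ip)
    return policy, peer


def transparent_ipsec_accepts(dst_ip, network):
    """Transparent IPsec: traffic flows if the address selector's policy is satisfied
    and the peer authenticated as *somebody*; it cannot know who the app wanted."""
    policy, peer = ipsec_decision(dst_ip, network)
    return policy == "require-esp" and peer is not None


def application_connect(hostname, resolved_ip, network):
    """Application in charge of its own security: resolved_ip may come from an
    untrusted DNS server, so compare the intended name to the authenticated identity."""
    policy, peer = ipsec_decision(resolved_ip, network)
    if policy != "require-esp":
        return "rejected: no IPsec policy for address"
    if peer is None:
        return "rejected: peer authentication failed"
    if peer != hostname:
        return f"rejected: authenticated peer {peer} is not {hostname}"
    return "ok"
```

At home the address-keyed policy and the name-based check agree; on the visited network IPsec alone accepts the connection to the wrong host, and only the application-level comparison catches it.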
CITATION STYLE
Aura, T., Roe, M., & Mohammed, A. (2007). Experiences with host-to-host IPsec. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4631 LNCS, pp. 3–22). Springer Verlag. https://doi.org/10.1007/978-3-540-77156-2_2