Trust management for IPsec

  • Matt Blaze
  • John Ioannidis
  • Angelos D. Keromytis


IPsec is the standard suite of protocols for network-layer confidentiality
and authentication of Internet traffic. The IPsec protocols, however,
do not address the policies for how protected traffic should be handled
at security end points. This article introduces an efficient policy
management scheme for IPsec, based on the principles of trust management.
A compliance check is added to the IPsec architecture that tests
packet filters proposed when new security associations are created
for conformance with the local security policy, based on credentials
presented by the peer host. Security policies and credentials can
be quite sophisticated (and specified in the trust-management language),
while still allowing very efficient packet-filtering for the actual
IPsec traffic. We present a practical portable implementation of
this design, based on the KeyNote trust-management language, that
works with a variety of UNIX-based IPsec implementations. Finally,
we discuss some applications of the enhanced IPsec architecture.
