Negotiation andCompliance Checking

• IPSP has to facilitate two things:

  • Negotiation: help hosts discover compatible policies and credentials for IPSEC SA creation (“advisory”)
  • Compliance Checking: allow hosts to enforce their own SA and packet filtering policies at SA creation time (security goes here)

• All IPSEC implementations already have (non-standard) packet filtering for packet policy

• No standard SA policy mechanism / language

Previous slide

Next slide

Back to first slide

View graphic version