Advantages of Architecture

• Separates negotiation (complex, untrusted) from compliance checking (simple, trusted)

• Can use any compliance checking language

  • different hosts can write their policies in any language they want
  • but some benefit to standardizing the language

• It all works well in practice

  • minimal performance impact
  • no architectural changes to IPSEC protocol or implementation

Previous slide

Next slide

Back to first slide

View graphic version