Secure Configuration of IPsec-Enabled Network Devices
draft-ietf-ipsec-secconf-00
Document | Type |
Expired Internet-Draft
(ipsec WG)
Expired & archived
|
|
---|---|---|---|
Authors | Michael StJohns , Scott G. Kelly | ||
Last updated | 1998-10-14 | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Intended RFC status | (None) | ||
Formats | |||
Additional resources | Mailing list discussion | ||
Stream | WG state | WG Document | |
Document shepherd | (None) | ||
IESG | IESG state | Expired | |
Consensus boilerplate | Unknown | ||
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
Remote configuration of network devices which implement IPsec- related services is desirable as a matter of convenience and of scale. In some cases, these devices are installed on a network with no prior configuration. In such cases, secure mechanisms for bootstrap configuration are required. In this document the associated issues are examined, and a multi-tiered approach is proposed from which a specific method may be selected based upon the security requirements of the environment in which the security device exists. While the primary devices considered here are security gateways and bump-in-the-wire encryptors, many of the resulting conclusions may extend to other devices, including host IPsec implementations.
Authors
Michael StJohns
Scott G. Kelly
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)