Skip to main content

Secure Configuration of IPsec-Enabled Network Devices

Document Type Expired Internet-Draft (ipsec WG)
Authors Michael StJohns , Scott G. Kelly
Last updated 1998-10-14
Stream Internet Engineering Task Force (IETF)
Expired & archived
Stream WG state WG Document
Document shepherd (None)
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


Remote configuration of network devices which implement IPsec- related services is desirable as a matter of convenience and of scale. In some cases, these devices are installed on a network with no prior configuration. In such cases, secure mechanisms for bootstrap configuration are required. In this document the associated issues are examined, and a multi-tiered approach is proposed from which a specific method may be selected based upon the security requirements of the environment in which the security device exists. While the primary devices considered here are security gateways and bump-in-the-wire encryptors, many of the resulting conclusions may extend to other devices, including host IPsec implementations.


Michael StJohns
Scott G. Kelly

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)