security
... PKI products are discussed. The
requirements are carefully designed to achieve security without
compromising ease of management and deployment ...
... scale deployment tools are desired, but local security policy
stringency will not allow for the use of such commercial tools. The
...
... VPN) Operator
The Operator is the person or group of people that define security
policy and configure the VPN System to enforce that policy, with the
VPN Administration function ...
... IPsec to
another Peer in order to create an IPsec Security Association for
communications. It can be either a traditional security gateway
...
... create an IPsec Security Association for
communications. It can be either a traditional security gateway
(with two network interfaces, one for the protected network ...
...
The Peers are two entities between which establishment of an IPsec
Security Association is required. Two Peers are shown in Figure 1,
but implementations can support an actual number in the hundreds or
thousands. The Peers can be gateway ...
... PKI is a bolt-on to
the VPN System. The Operator will configure local security
policy in part through the Admin and its authorized PKI-enabled
Peers.
...
... Whether [R] transactions require privacy is determined by the local
security policy.
The target ...
... private key will leave the
cryptographic boundary of the peer, which is a significant security
trade-off consideration. Whenever possible, it is always better to
have private keys ...
... PKCs. This is, in all likelihood, the easiest way to
deploy PKCs, though it sacrifices some security since both the CA and
the Admin have access to the private key ...
... PKC in a renew or update
scenario is a matter of local security policy, and MUST be specified
by the Admin to the PKI in the original authorization ...
... verification based on the fields
of the PKC and parameters applicable to the VPN Security Association.
The fields of the PKC ...
... Security Considerations ...
... This requirements document does not specify a concrete solution, and
as such has no system-related security considerations per se.
However, the intent of the PKI4IPSEC WG was to profile ...
... Certificate Request Message Format (CRMF)). The individual security
considerations of these protocols should be carefully considered in
the profiling effort.
...
... implementers and system
operators through the selection of applicable use cases and
development of security policy constraints. These factors must be
carefully considered to ensure the security ...
... security policy constraints. These factors must be
carefully considered to ensure the security of PKI4IPSEC certificate
management ...
... Piper, D., "The Internet IP Security Domain of Interpretation for ISAKMP", RFC 2407(-> 4306prop), November 1998. ...
... Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301prop, December 2005. ...
... VPN Consortium), Hank Mauldin (Cisco
Systems), and Jussi Kukkonen (SSH Communications Security).
Substantial editorial contributions were made by Leo Pluswick (ICSA),
Tim Polk (NIST ...
