Maybe the Air Force should hire a consultant instead of CSC. On Wed, 26 Nov 1997, Robert Hettinga wrote:
--- begin forwarded text
From: "Boyter, Brian A." <boyter@afiwc01.af.mil> To: "'ipsec@tis.com'" <ipsec@tis.com> Subject: US Air Force IPSEC Requirements Date: Tue, 25 Nov 1997 17:03:03 -0600 MIME-Version: 1.0 Sender: owner-ipsec@ex.tis.com Precedence: bulk
First, I would like to introduce myself... My name is Brian Boyter, I'm a Senior Consulting Engineer with the Computer Sciences Corp, and I am under contract to the US Air Force Information Warfare Center in San Antonio, Texas, working on USAF computer security...
The USAF is evaluating the use of IPSEC products to help secure its unclassified networks... These unclas networks are used to communicate with contractors, and to process financial, logistic, personnel, and medical data... The IPSEC would be used to protect the data from unauthorized viewing and to protect the networks and computers from hackers... Our goal is to eventually IPSEC encrypt all unclassified computer communications end-to-end...
The USAF recently completed a hasty evaluation of several IPSEC products... Most products would work fine for a small organization, but do not scale to an enterprise the size of the USAF (500,000 computers)...
Here is a short list of basic USAF requirements which we found lacking in the current IPSEC products: 1. The Department of Defense will soon deploy a Public Key Infrastructure (PKI)... The IPSEC products need to use this existing PKI (not require a separate keying product)... 2. The USAF uses HP OpenView as its standard SNMP management product... Error logging and other IPSEC status information needs to interoperate with OpenView... 3. The USAF needs to be able to manage the IPSEC security policy sanely... An example of a USAF IPSEC security policy might be: "all USAF computers can talk to all other USAF computers using DES, all other computers it talks in-the-clear"... It will not be possible to manage 500,000 different rule sets... The security policy must be made simple... We need the X.500 equivalent of *.mil, *.af.mil, *.lackland.af.mil, and *.hospital.*.af.mil so that we can generate rule sets using these wild cards... I don't think rules based on IP addresses will work either...
I'm not including interoperability in the above list because the ANX has done a good job of making that requirement visible....
What I'm trying to point out is two things: 1. The IPSEC products need to re-use as much of our existing infrastructure as possible (for example PKI, SNMP, etc)... If the USAF were a small company that didn't have a large infrastructure investment already, it wouldn't be an issue... But if each IPSEC product requires a management console at each air force base, then that can add up to millions of dollars, thousands of man hours, training costs, etc... 2. I'm also trying to point out that there is no standard (that I can find) for representing, storing, or disseminating the security policy....
Although these are Air Force requirements, I'm sure the same requirements will exist for any large enterprise contemplating the use of IPSEC products...
I plan to be at the IETF meeting in December and will be glad to speak to anyone about these issues... Perhaps an IPSEC security policy BOF could even be arranged???
Thanks, Brian Boyter boyter@afiwc01.af.mil (210)977-3113
--- end forwarded text
----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/ Ask me about FC98 in Anguilla!: <http://www.fc98.ai/>