US Air Force IPSEC Requirements

[Robert Hettinga <rah@shipwright.com>]

--- begin forwarded text


From: "Boyter, Brian A." <boyter@afiwc01.af.mil>
To: "'ipsec@tis.com'" <ipsec@tis.com>
Subject: US Air Force IPSEC Requirements
Date: Tue, 25 Nov 1997 17:03:03 -0600
MIME-Version: 1.0
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

First, I would like to introduce myself...
My name is Brian Boyter, I'm a Senior Consulting
Engineer with the Computer Sciences Corp, and I
am under contract to the US Air Force Information
Warfare Center in San Antonio, Texas, working on
USAF computer security...

The USAF is evaluating the use of IPSEC products
to help secure its unclassified networks...   These unclas
networks are used to communicate with contractors, and to
process financial, logistic, personnel, and medical data...
The IPSEC would be used to protect the data from
unauthorized viewing and to protect the networks and
computers from hackers...   Our goal is to eventually IPSEC
encrypt all unclassified computer communications end-to-end...

The USAF recently completed a hasty evaluation of several
IPSEC products...   Most products would work fine for a
small organization, but do not scale to an enterprise the size
of the USAF (500,000 computers)...

Here is a short list of basic USAF requirements which we found
lacking in the current IPSEC products:
1. 	The Department of Defense will soon deploy a Public
Key Infrastructure (PKI)...   The IPSEC products need to
use this existing PKI (not require a separate keying product)...
2. 	The USAF uses HP OpenView as its standard SNMP
management product...   Error logging and other IPSEC status
information needs to interoperate with OpenView...
3. 	The USAF needs to be able to manage the IPSEC security
policy sanely...   An example of a USAF IPSEC security policy
might be:  "all USAF computers can talk to all other USAF
computers using DES, all other computers it talks in-the-clear"...
It will not be possible to manage 500,000 different rule sets...
The security policy must be made simple...    We need the X.500
equivalent
of *.mil,  *.af.mil,  *.lackland.af.mil,  and *.hospital.*.af.mil so
that
we can generate rule sets using these wild cards...   I don't think
rules based on IP addresses will work either...

I'm not including interoperability in the above list because the ANX
has done a good job of making that requirement visible....

What I'm trying to point out is two things:
1. The IPSEC products need to re-use as much of our existing
infrastructure as possible (for example PKI, SNMP, etc)...
If the USAF were a small company that didn't have a large
infrastructure
investment already, it wouldn't be an issue...   But if each IPSEC
product
requires a management console at each air force base, then that can
add up to millions of dollars, thousands of man hours, training costs,
etc...
2. I'm also trying to point out that there is no standard (that I can
find) for
representing, storing, or disseminating the security policy....

Although these are Air Force requirements, I'm sure the same
requirements will exist for any large enterprise contemplating the
use
of IPSEC products...

I plan to be at the IETF meeting in December and will be glad to
speak to anyone about these issues...    Perhaps an IPSEC security
policy BOF could even be arranged???

Thanks,
Brian Boyter
boyter@afiwc01.af.mil
(210)977-3113

--- end forwarded text



-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/
Ask me about FC98 in Anguilla!: <http://www.fc98.ai/>