[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv4 Security redux

To: teb@asteroid.sys.acc.com (Tom Benkart), ipsec@ans.net
Subject: Re: IPv4 Security redux
From: karn@qualcomm.com (Phil Karn)
Date: Wed, 21 Apr 93 18:17:42 -0700

At 08:58 AM 4/21/93 EDT, Tom Benkart wrote:
>In the government/military environment, different security levels are
>frequently required to use different keys (between the same host pairs).
>That argues for including a SAID, assuming we are trying to address
>that user community.  The SAID could be a single byte to satisfy that
>use.

I don't really see the point of having multiple keys that are going
to be stored right next to each other in the same trusted kernel anyway,
but I guess if it's a real requirement we might as well add it.

The only case where I think it really makes sense to have multiple keys
is when you have multiple ciphers with different performance/security
tradeoffs.

A question here is how applicable the military multi-level compartmental
security model is to commercial applications.

Phil

Prev by Date: FYI: NLSP comments...
Next by Date: Re: IPv4 Security redux
Prev by thread: Re: IPv4 Security redux
Next by thread: Re: IPv4 Security redux
Index(es):
- Main
- Thread