[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPsec near term work
Perry:
You said:
> I agree that formally characterizing the properties of the model is
> hard. Of course, formally characterizing the failure modes of SMTP
> email is also hard, and yet people manage to trust that SMTP will
> deliver their mail most of the time just fine.
Authentication that can be trusted most of the time to be correct is not
acceptable! I am not willing to call it authentication if I can trust it most
of the time, but not always.
In my opinion, PEM authentication must be able to tell me one of the following:
. The message is unmodified and came from the person claimed, or
. The message has been modified or the message originator cannot be
confirmed.
Russ
Follow-Ups:
References: