[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPsec near term work



Perry:

You said:
> I agree that formally characterizing the properties of the model is
> hard. Of course, formally characterizing the failure modes of SMTP
> email is also hard, and yet people manage to trust that SMTP will
> deliver their mail most of the time just fine.

Authentication that can be trusted most of the time to be correct is not
acceptable!  I am not willing to call it authentication if I can trust it most
of the time, but not always.

In my opinion, PEM authentication must be able to tell me one of the following:
  .  The message is unmodified and came from the person claimed, or
  .  The message has been modified or the message originator cannot be
confirmed.


Russ


Follow-Ups: References: