
No Subject




Phil Karn says:
> At the IAB retreat and elsewhere, several people said that
> confidentiality (e.g., encryption) and authentication are separable,
> orthogonal issues. This didn't sit right with me, and I think I know
> why.
> 
> Although encryption and authentication may be orthogonal in a
> theoretical sense, in practice this is not always true. In particular,
> encryption at some lower level than end-to-end is often a highly
> pragmatic substitute for end-to-end authentication. It can certainly be
> easier to deploy quickly.

I fully agree with Phil. Indeed, low-level authentication is often
accomplished with cryptographically signed cryptographic hashes, which
is at least as expensive in the general case as fully encrypting the
entire link. In general, if you have confidentiality, you have
authentication since an interposer couldn't forge the packets, and if
you have true authentication (that is, constant for the session and
not just at the beginning of the session with the assumption that the
session can't be hijacked), you have to use something that is likely
cryptographic in nature and as expensive as confidentiality would be.

Perry

