[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject

To: Phil Karn <karn@qualcomm.com>
From: Steve Kent <kent@BBN.COM>
Date: Mon, 28 Feb 94 18:04:15 -0500
Cc: iab-retreat@isi.edu, mobile-ip@ossi.com, ipsec@ans.net
In-Reply-To: Your message of Mon, 28 Feb 94 14:32:53 -0800. <199402282232.OAA01084@servo.qualcomm.com>

Phil,

	I gave a specific example of why Perry's general assertion was
untrue.  That is a valid refutation of his assertion, period.

	While bulk encryption is easier to deploy that end-to-end
encryption or authentication, it does not provide the same level of
protection.  Bulk encryption works best between sites that want
communicate securely, e.g., distributed offices of an organization.
However, in an environment where much of the communication is between
a wide range of sites with varying degrees of local security, the
utility of bulk encryption is lower.  If a typical Internet site
communicates with a wide range of other sites (e.g., for mail
transport and WWW purposes), then it becomes less practical to employ
bulk encryption for much of the traffic.  Also, some folks concerned
about net management have expressed concern that encryption,
vs. authentication, will make it harder to diagnose some problems due
to concealment of (IP and TCP) header info by IP layer encapsulation
security protocols.  There are tradeoffs.

Steve

Follow-Ups:

No Subject

From: "Perry E. Metzger" <pmetzger@lehman.com>

References:

No Subject

From: Phil Karn <karn@qualcomm.com>

Prev by Date: No Subject
Next by Date: No Subject
Prev by thread: No Subject
Next by thread: No Subject
Index(es):
- Main
- Thread