[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject

To: pmetzger@lehman.com
From: Steve Kent <kent@BBN.COM>
Date: Tue, 01 Mar 94 11:04:53 -0500
Cc: Steve Kent <kent@BBN.COM>, Phil Karn <karn@qualcomm.com>, iab-retreat@isi.edu, mobile-ip@ossi.com, ipsec@ans.net
In-Reply-To: Your message of Mon, 28 Feb 94 18:59:31 -0500. <9402282359.AA10335@andria.lehman.com>

Perry,

	Your assertion in the first message that encryption is
generally as good as authentication, was the assertion I was
commenting upon.  The point being that, in general, encryption is not
an equivalent alternative to cryptographic authentication.  The OFB
example was just one way of making that point.

	As for bulk encryoption, rather than end-to-end, that is the
general form of what Phil seems to be arguing, i.e., that encryption
of traffic between sites is easier than authentication implemented on
an end system basis, because of reduced management burdens.  While
that observation is true, the resulting functionality, is not the
same, even if the inter-site encryption is accompanied by
authentication at the same granularity.  For some contexts this
approach could be quite effective, e.g., if one were atte,tping to
build a private corporate Internet on top of a public Internet.
However, in a more general environment, the wide range of
communicating partners makes inter-site encryption less effective
(compared to end-to-end authentication).

Steve

Prev by Date: swIPe stuff
Next by Date: Re: swIPe stuff
Prev by thread: No Subject
Next by thread: No Subject
Index(es):
- Main
- Thread