
Re: swIPe stuff



> ......  Not calling for crypto for confidentiality
> where crypto for authentication and integrity will suffice facilitates
> interoperable, international communication.
> 
> 	In terms of integrity checks, my point was that strong checks,
> e.g., hashes, are really required.  This is not what we put in non-
> security protocols, and so use of encryption without security-
> oriented integrity checks is dangerous.  Use of the integrity checks
> alone is a good approach for circumstances where confidentiality is
> not required.  

Do you contend that remote login is such a case?  To add to the list
of people "helping" Phil to define his point, a fully-encrypted tunnel
rlogin provides an easy-to-grasp level of security.

One can then read mail without outside observers.

One can then download and upload files without exposure.

One can use the tunneled-to firewall to allow further logins with
passwords in the clear but no exposure outside the firewall.

Integrity, authentication, and the rest are all nice adjuncts, but are
aimed at attacks that are active, and hence more detectable.

It's hard to avoid the impression that attempts to sell users on
various types of security without privacy on technical grounds are
really trojan horses for policy issues.

paul


