[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IVs, summary of discussion
Steve Kent says:
> In principle, I agree with your observations, i.e., encryption
> need not confer authentication nor even be designed to support
> authentication. The two are separable services (confidentiality and
> integrity, really, with authentication a side effect of key management
> for integrity). However, I do worry about users who don't appreciate
> the difference selecting encryption only (because of a performance
> concern) and being vulnerable to attacks that they didn't understand.
Well, how about users whose applications are inherently resistent
to integrity-violation attacks, and who consciously care only
about privacy?
--
Regards,
Uri uri@watson.ibm.com acheron!angmar!uri N2RIU
-----------
<Disclamer>
Follow-Ups:
References: