[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC requirements

To: mjr@tis.com
Subject: Re: IPSEC requirements
From: Phil Karn <karn@qualcomm.com>
Date: Fri, 9 Sep 1994 18:29:20 -0700
Cc: watt@sware.com, bsimpson@morningstar.com, ipsec@ans.net
In-Reply-To: <9409021738.AA10155@tis.com> (message from Marcus J Ranum on Fri, 2 Sep 94 13:38:23 EDT)

>	Just give me IP encryption and some integrity checking
>and that's enough. All the authentication stuff is useless and
>belongs at the application layer. No way in hell am I gonna
>trust your kernel on a remote machine to authenticate a user.
>Not until we have high quality host-based security. If I'm that
>gullible, I may as well just use rlogin and "privileged ports."

If you don't trust a particular kernel, how can you trust an
application that runs above it? The kernel is god in just about every
OS I know.  An evil kernel could easily poke into any application and
suck out its secrets, such as crypto keys.

Phil

References:

Re: IPSEC requirements

From: Marcus J Ranum <mjr@tis.com>

Prev by Date: Re: Multicast key distribution
Next by Date: No Subject
Prev by thread: Re: IPSEC requirements
Next by thread: Re: IPSEC requirements
Index(es):
- Main
- Thread