
Re: Diffie-Hellman (note by Hugo)




I think that you want the "application" and the system administrator
to both be able to specify the minimum security that is acceptable and
then go with the max of their requirements in each security dimension.
But I don't know that the protocol for SAID set up needs to be
concerned with how the security requirements of each party are
established.  We need things like an ICMP reject for "inadequate"
security that states what security services would be required for the
packet to have been accepted, etc.

Donald

PS: Keeping in mind that you may need multiple SAIDs even if they
all provide the same services and use the same algorithms because
they are authenticated with different user identities at one or
both ends.

From:  rubin@faline.bellcore.com (Avi Rubin)
To:  Ashar.Aziz@eng.sun.com, amir@watson.ibm.com, hugo@watson.ibm.com
Cc:  ipsec@ans.net
>Ashar,
>
>I agree that sometimes authentication is needed, and secrecy
>is not important, but I'm wondering how this is determined at
>the IP layer. When is the choice made between authentication
>and secrecy? Is it your idea that the applications specify
>this? Does this destroy transparency across layers? 
>
>Avi
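
The rule suggested in the reply above (take the stricter of the application's and the administrator's minimum in each security dimension, and have a reject state what would have been required) can be sketched as follows. This is an added example, not part of the original message or of any IPsec specification; the dimension names, numeric levels and reject structure are assumptions made for illustration.

```python
# Added illustration. Dimension names and numeric levels are constructed;
# a higher number means a stronger requirement in that dimension.
DIMENSIONS = ("authentication", "secrecy")


def effective_minimum(application, administrator):
    """Per-dimension maximum of the two parties' minimum requirements."""
    return {d: max(application.get(d, 0), administrator.get(d, 0))
            for d in DIMENSIONS}


def check_association(offered, required):
    """Compare an offered security association with the effective minimum.

    Returns (True, None) when every dimension is satisfied. Otherwise
    returns (False, reject), where reject states what would have been
    required, in the spirit of the "inadequate security" reject above.
    """
    shortfall = {
        d: {"offered": offered.get(d, 0), "required": level}
        for d, level in required.items()
        if offered.get(d, 0) < level
    }
    if not shortfall:
        return True, None
    return False, {
        "reason": "inadequate security",
        "required": dict(required),
        "shortfall": shortfall,
    }


if __name__ == "__main__":
    # Constructed policies: the application insists on strong authentication
    # and does not care about secrecy; the administrator requires some secrecy.
    app_policy = {"authentication": 2, "secrecy": 0}
    admin_policy = {"authentication": 1, "secrecy": 1}
    required = effective_minimum(app_policy, admin_policy)
    print(required)
    print(check_association({"authentication": 2, "secrecy": 0}, required))
    print(check_association({"authentication": 2, "secrecy": 1}, required))
```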

