Re: Diffie-Hellman, IPsec, etc.
SPEAKING out loud without the Caveat Lite on is a good way to assault
too broad a target zone. I apologize. I also believe some notable part
of the security fixit folks are perhaps more than wonderful opportunists
and solutions oriented to protecting assets cheaply for a long time are
better than solutions that WILL need to be regrown REAL SOON.

VR /Ev/

This came from Ran Atkinson:
>
> On Dec 14, 11:14, Everett F Batey wrote:
>
> % Everyone else wants to stay in this time consuming, revenue producing
> % posture of reinventing security as fast as their bud can break it ..
> % some of us think we have real work and customers who just don't want to
> % hear about you can't buy comsec gear for networks and have to wait to
> % be breached.
>
> Hmmm. I hope you are excluding me from "everyone else". :-)
>
> Actually, I was the one who stood up in San Jose at the end of
> interminable key mgmt presentations and said "I want Diffie-Hellman
> for key mgmt and I want it to use RSA keys obtained from the Domain
> Name System, using the Eastlake-Kaufman DNS Security approach, for
> authentication of the DH exchange."
>
> I'm also the one that helped force the "must implement security"
> requirement into all IPv6 implementations, is pushing per-user keying
> for better security, and who is building a fully encrypting IPv6
> implementation that I hope to give away once completed (subject to
> official approvals of course).
>
> Ran
--
+ efb@suned1.nswses.Navy.MIL efb@gcpacix.cotdazr.org efb@gcpacix.uucp +