
Re: Diffie-Hellman, IPsec, etc.



SPEAKING out loud without the Caveat Lite on is a good way to assault 
too broad a target zone.  I apologize.  I also believe some notable part
of the security fixit folks are perhaps more than wonderful opportunists 
and solutions oriented to protecting assets cheaply for a long time are
better than solutions that WILL need to be regrown REAL SOON.  VR /Ev/

This came from Ran Atkinson:
> 
> On Dec 14, 11:14, Everett F Batey wrote:
> 
> % Everyone else wants to stay in this time consuming, revenue producing
> % posture of reinventing security as fast as their bud can break it ..
> % some of us think we have real work and customers who just don't want to
> % hear about you can't buy comsec gear for networks and have to wait to
> % be breached.
> 
> Hmmm.  I hope you are excluding me from "everyone else". :-)
> 
>   Actually, I was the one who stood up in San Jose at the end of
> interminable key mgmt presentations and said "I want Diffie-Hellman
> for key mgmt and I want it to use RSA keys obtained from the Domain
> Name System, using the Eastlake-Kaufman DNS Security approach, for
> authentication of the DH exchange."
> 
>   I'm also the one that helped force the "must implement security"
> requirement into all IPv6 implementations, is pushing per-user keying
> for better security, and who is building a fully encrypting IPv6
> implementation that I hope to give away once completed (subject to
> official approvals of course).
> 
> Ran

-- 
 + efb@suned1.nswses.Navy.MIL  efb@gcpacix.cotdazr.org   efb@gcpacix.uucp +