[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bellovin's and Ashar's attacks

To: Danny.Nessett@eng.sun.com (Dan Nessett)
Subject: Re: Bellovin's and Ashar's attacks
From: uri@watson.ibm.com
Date: Fri, 14 Apr 1995 12:38:23 -0500 (EDT)
Cc: ipsec@ans.net
In-Reply-To: <199504141613.AA09958@interlock.ans.net> from "Dan Nessett" at Apr 14, 95 09:11:56 am
Reply-To: uri@watson.ibm.com

Dan Nessett says:
> is a good one. I suggest the following experiment in distributed collaborative
> work. Let's try to come up with a list of requirements/goals for
> IPSEC that we all can agree on.

Good idea. I agree with all the goals you mentioned except the last one:

>  o  The IPSEC protocols should be useable between two machines. They should
>     counter attacks by intruders with access to both the intervening
>     network and as users of either machine. However, they will provide
>     no protection against intruders that successfully compromise either
>     machine.

I believe it's too much overhead and architechtural "uncleanness" to
achieve this goal, which in my view belongs to the upper layers...
--
Regards,
Uri         uri@watson.ibm.com      N2RIU
===========
<Disclamer>

References:

Re: Bellovin's and Ashar's attacks

From: Danny.Nessett@eng.sun.com (Dan Nessett)

Prev by Date: Re: Bellovin's and Ashar's attacks
Next by Date: Re: Bellovin's and Ahar's attacks
Prev by thread: Re: Bellovin's and Ashar's attacks
Next by thread: Re: Bellovin's and Ashar's attacks
Index(es):
- Main
- Thread