[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bellovin's and Ashar's attacks
Dan Nessett says:
> is a good one. I suggest the following experiment in distributed collaborative
> work. Let's try to come up with a list of requirements/goals for
> IPSEC that we all can agree on.
Good idea. I agree with all the goals you mentioned except the last one:
> o The IPSEC protocols should be useable between two machines. They should
> counter attacks by intruders with access to both the intervening
> network and as users of either machine. However, they will provide
> no protection against intruders that successfully compromise either
> machine.
I believe it's too much overhead and architechtural "uncleanness" to
achieve this goal, which in my view belongs to the upper layers...
--
Regards,
Uri uri@watson.ibm.com N2RIU
===========
<Disclamer>
References: