
Re: Comments on latest IPSP drafts




Seems to me that what you are saying and what you are replying to
are hard to distinguish below.

From:  Mark H Linehan/Watson/IBM Research
        <linehan@watson.ibm.com>
To:  "Donald E. Eastlake 3rd" <dee@world.std.com>
Cc:  ipsec <ipsec@ans.net>
Mime-Version:  1.0
Content-Type:  Text/Plain
}Donald Eastlake said:
}
}General compression of packets is increasingly being handled by the link
}hardware.

I said the above.

}Link-layer compression is useless when encryption is done at the network
}layer.  The motivation for considering network-layer compression is to do the
}compression before the encryption.  Otherwise, the compression function gets
}incompressible input.

In reply to your response, my comment on link level compression was to
indicate that a general payload type for compression was made less
necessary by link encryption.  Of course you can't compress after
encrypting but if almost all the non-link level compression you wanted
to do was in conjunction with encryption, why not do something like I
had previously described and efficiently have a way of indicating
compression algorithm in the ESP or whatever payload?

}I consider that you do not share this vision but consider the job of
}the IETF to be to limit the Global Internet to whatever the US
}Government happens to want to let through its border filters according to
}today's whim to be your loss.

I said the above.

}This is not a fair representation of what I have been saying.  I am not arguing
}that we should "... limit the Global Internet ..." and I am happy to see DES or
}other strong encryption as an optional part of the standard.  I simply that
}making it a **required** part of the standard is ignoring a fact of the world
}that is real, whether we like it or not.  I would prefer to standardize on two
}encryption transforms: one (relatively) weak and one strong.  We should make
}the comparative strengths of these transforms clear in the standards, so that
}potential users can assess for themselves the tradeoffs among security,
}technology, and governmental constraints.

Weak encryption you could get by the NSA with an open algorithm would
be sufficiently useless that I see no reason for using it, let alone
making it mandatory.

It sure is a real world fact that there are export restrictions from
the US but this is of absolutely no practical effect since people can
write or get their software from elsewhere.  Since the consensus is
entirely on my side, this issue is not much of a fight at this point.
But if it were not, I would fight for a network that matched a vision
where privacy was a key principle.

...

}---------------------------------------------------------------------------------
}Mark H. Linehan
}IBM T. J. Watson Research Center, Hawthorne, New York
}linehan@watson.ibm.com; LINEHAN at WATSON
}http://w3.watson.ibm.com/~linehan/home.html (inside IBM only)
}(914) 784-7860; 8-863-7860; fax (914) 784-7484

Donald
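
The ordering argument in this exchange, together with the suggestion of carrying a compression-algorithm indicator inside the encrypted payload, as an added example that is not part of the original message. The one-byte identifier, its values, the payload layout and the SHA-256 keystream cipher are assumptions for illustration, not the ESP format or any transform discussed on the list.

```python
import hashlib
import zlib

COMP_NONE, COMP_DEFLATE = 0, 1   # hypothetical algorithm identifiers

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher standing in for the
    encryption transform. No nonce: illustration only, not for real traffic."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def seal(key: bytes, packet: bytes, alg: int) -> bytes:
    """Compress (optionally), prefix the algorithm byte, then encrypt."""
    body = zlib.compress(packet, 9) if alg == COMP_DEFLATE else packet
    return keystream_xor(key, bytes([alg]) + body)

def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Decrypt, read the algorithm byte, and undo the compression."""
    clear = keystream_xor(key, blob)
    alg, body = clear[0], clear[1:]
    if alg == COMP_DEFLATE:
        return zlib.decompress(body)
    if alg == COMP_NONE:
        return body
    raise ValueError(f"unknown compression algorithm id {alg}")

def link_compress(frame: bytes) -> bytes:
    """Stand-in for link-hardware compression applied after encryption."""
    return zlib.compress(frame, 9)

def compare(key: bytes, packet: bytes) -> dict:
    """Bytes on the wire for each ordering of compression and encryption."""
    encrypted_only = seal(key, packet, COMP_NONE)
    compressed_first = seal(key, packet, COMP_DEFLATE)
    return {
        "plaintext": len(packet),
        "encrypt_then_link_compress": len(link_compress(encrypted_only)),
        "compress_then_encrypt": len(compressed_first),
    }

# Constructed sample: a repetitive, highly compressible packet payload.
SAMPLE = b"GET /index.html HTTP/1.0\r\nAccept: text/plain\r\n" * 20
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    print(compare(KEY, SAMPLE))
```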

