[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

mandatory encryption for anonymity

To: IPSEC@ans.net
Subject: mandatory encryption for anonymity
From: hugo@watson.ibm.com
Date: Tue, 28 Nov 95 15:46:39 EST

After having praised Photuris for the good protection
of privacy/anonymity, let me disagree with the change in
draft 08 that makes encryption of Identification_Message (and
Change_Message) mandatory.

Mandating symetric encryption
(in particular, DES) where not strictly necessary is not advisable.
Having this as an option as before was the right thing.
The complexity of having this particular option (in addition or together
to the existing scheme option) is not worth the effects of mandating
encryption.  The latter is just an unnecessary obstacle for the fast
deployment of Photuris for (at least) many American vendors.

Hugo

Prev by Date: anonymity against active attackers
Next by Date: SKIP source release now available
Prev by thread: anonymity against active attackers
Next by thread: SKIP source release now available
Index(es):
- Main
- Thread