Re: Interactions between IPSEC and NAT



At 02:39 AM 2/5/98 -0500, Perry E. Metzger wrote:
>Maybe you ought to read the spec. It might answer a lot of your
>questions. Believe it or not, we did know what we were doing.

I have to really question if you knew what you were doing.  Go 
read Rogaway's cryptographic analysis--have you fixed the issues 
he raised?  Are you still seriously considering a PK solution for 
managing trust?  If so, then God help anybody that has to implement 
it and get a real customer to use it.

>Your viewpoint is a wee bit unrealistic -- there is, in practice, no
>way to make even a tiny fraction of the routers trusted. It is also
>unneeded -- we know how to provide security in a network where nothing
>except the endpoints need to be trusted. 

Unfortunately you have come up with a solution I find cumbersome,
slow, difficult to administer, with an awkward trust model, no 
auditing, and no key recovery.

> Might I suggest that you
>study this topic a bit more in depth before commenting further?

You know Perry, not everyone who studies this field goes off and wastes
their time writing RFCs and I-Ds. I prefer to apply for patents and sell 
them.

- Alex

--
Alex Alten
Andrade@Netcom.Com
P.O. Box 11406
Pleasanton, CA  94588  USA
(510) 417-0159