
Re: IPSEC WORKING GROUP LAST CALL



At 08:53 PM 2/27/98 -0500, Lewis McCarthy wrote:
>Alex Alten writes:
>> Here I think we differ on what the secure IP network model should be.
>> I believe that it should be a resource owned by an organization or a
>> company that wants to control access to it and protect their
>> communications.  Hosts and routers are then allowed by the owner to
>> participate by giving them each a key.  In this model PK has no
>> advantage and other algorithms outperform it.
>
>In addition to the comments already made by others:
>
>If keys are established over the public network, then AFAIK
>only PK methods can assure forward secrecy of prior established 
>keys when the authenticating key is compromised.

True, this is a feature of PK that sets it apart from symmetric 
ciphers.  However, as an engineer, you have to ask yourself,
for a particular design, is this feature needed?  Is this feature
more important than its drawbacks in slow performance, data
expansion, and slow key generation?  My contention is that for
the model explained above this feature is unnecessary.

--
Alex Alten
Andrade@Netcom.Com
P.O. Box 11406
Pleasanton, CA  94588  USA
(510) 417-0159
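
Added example, not part of the original message: a Python sketch of the forward-secrecy point under discussion, contrasting a session key wrapped under a long-term symmetric key with an ephemeral Diffie-Hellman exchange that the same key only authenticates. The group parameters, function names and XOR wrapping are assumptions made for illustration; the 127-bit prime is a toy and far too small for real use.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3  # constructed toy group (assumption), not a real-world size

def kdf(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def tag(key: bytes, value: int) -> bytes:
    return hmac.new(key, str(value).encode(), hashlib.sha256).digest()

def symmetric_setup(long_term: bytes):
    """Session key is wrapped under the long-term key and sent on the wire."""
    session, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    return session, (nonce, xor(session, kdf(long_term, nonce)))

def dh_setup(long_term: bytes):
    """Ephemeral DH; the long-term key only authenticates the public values."""
    a, b = (secrets.randbelow(P - 3) + 2 for _ in range(2))
    A, B = pow(G, a, P), pow(G, b, P)
    session = kdf(str(pow(B, a, P)).encode())
    assert session == kdf(str(pow(A, b, P)).encode())  # both ends agree
    return session, (A, tag(long_term, A), B, tag(long_term, B))  # a, b discarded

def attacker_symmetric(stolen_key: bytes, wire):
    """Recorded wire plus stolen long-term key: unwrap the old session key."""
    nonce, wrapped = wire
    return xor(wrapped, kdf(stolen_key, nonce))

def attacker_dh_view(stolen_key: bytes, wire) -> bool:
    """Same attacker: the stolen key verifies the tags and nothing more.
    The session key needs a or b, i.e. a discrete log of A or B."""
    A, tag_a, B, tag_b = wire
    return (hmac.compare_digest(tag_a, tag(stolen_key, A))
            and hmac.compare_digest(tag_b, tag(stolen_key, B)))

if __name__ == "__main__":
    k = secrets.token_bytes(32)  # long-term authenticating key, later compromised
    s1, w1 = symmetric_setup(k)
    s2, w2 = dh_setup(k)
    print("symmetric: old session key recovered:", attacker_symmetric(k, w1) == s1)
    print("DH: tags verify:", attacker_dh_view(k, w2),
          "(old session key stays bound to the discarded exponents)")
```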


