[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC WORKING GROUP LAST CALL

To: Alex Alten <Andrade@ix.netcom.com>
Subject: Re: IPSEC WORKING GROUP LAST CALL
From: Henry Spencer <henry%spenford@zoo.toronto.edu>
Date: Sat, 28 Feb 1998 10:08:24 -0500 (EST)
Cc: IP Security List <ipsec@tis.com>
In-Reply-To: <3.0.3.32.19980227230000.00977170@netcom.com>
Sender: owner-ipsec@ex.tis.com

> >> Here I think we differ on what the secure IP network model should be.
> >> I believe that it should be a resource owned by an organization or a
> >> company that wants to control access to it...
> >If keys are established over the public network, then AFAIK
> >only PK methods can assure forward secrecy of prior established 
> >keys when the authenticating key is compromised.
> 
> ...My contention is that for 
> model explained above that this feature is unnecessary.

Whether or not it is true, this statement is uninteresting, because many
would-be users of IPSEC do not fit your model.  I could, with equal
validity, claim that IPSEC itself is unnecessary because a model in which
the network is physically secure does not need encryption at all.

                                                      Henry Spencer
                                             henry%spenford@zoo.toronto.edu

References:

Re: IPSEC WORKING GROUP LAST CALL

From: Alex Alten <Andrade@ix.netcom.com>

Prev by Date: RE: IPSEC tunnels and Mobile IP
Next by Date: Re: IPSEC WORKING GROUP LAST CALL
Prev by thread: Re: IPSEC WORKING GROUP LAST CALL
Next by thread: Re: IPSEC WORKING GROUP LAST CALL
Index(es):
- Main
- Thread