Re: Last Call: Security Architecture for the Internet Protocol to

["Scott G. Kelly" <skelly@redcreek.com>]

M.C.Nelson wrote:
> 
> On Fri, 27 Mar 1998, Scott G. Kelly wrote:
> >
> > IPSEC as currently spec'd is SSSSEEEECCCCUUURRRREEE.
> >
> 

Geez, I'll never live this one down :-(

>   Has this been established?  It seems doubtful in view of
>   (i) its complexity, and (ii) its explicit support for gateways
>   and "trusted networks".


On a more serious note, in terms of complexity, I don't think you can
avoid it. Hackers are pretty sophisticated people (or at least, the ones
capable of compromising your banking transactions are), and so complex
measures are required. 

In terms of your second point, I'm not sure of what you're referring to
here. What 'trusted networks'? And I think the 'explicit support for
gateways' is a bit unclear as well: do you mean its support for tunnel
endpoints which are different than the transaction endpoint? I guess I
wouldn't want to get into the philosophical discussion surrounding the
inappropriate nature of anything which gets in the way of end-to-end
communications on the internet (at least, not on *this* mailing list),
but these gateways *are* endpoints with respect to security.
 
Scott

---

Follow-Ups:

• Re: Last Call: Security Architecture for the Internet Protocol to
• From: "M.C.Nelson" <netsec@panix.com>

References:

• Re: Last Call: Security Architecture for the Internet Protocol to
• From: "M.C.Nelson" <netsec@panix.com>

---

• Prev by Date: Re: Last Call: Security Architecture for the Internet Protocol to
• Next by Date: Re: Last Call: Security Architecture for the Internet Protocol to
• Prev by thread: Re: Last Call: Security Architecture for the Internet Protocol to
• Next by thread: Re: Last Call: Security Architecture for the Internet Protocol to
• Index(es):
  • Main
  • Thread