Re: transport-friendly ESP

[Frank Kastenholz <kasten@argon.com>]

At 08:07 PM 1/27/99 -0800, Alex Alten wrote:

>Wouldn't
>it make more sense to let ESP secure per hop IP links?  

No, No, No, and I say again, No.
You don't want to have to distribute that keying information
to routers that you may not trust. You don't want to have high
speed-silicon-based-lifeforms in the core of the Internet have
to grok the latest-encryption-algorithm-du-jour, process
entire packets with said algorithm (including looking up
more stuff to determine _which_ key to use) and have to
be updated with new hardware every time a hyperadenoidal
teenager cracks the l.e.a.d.j. 

Frank Kastenholz
Silicon-Based-Lifeform-Foozler
Argon Networks

---

References:

• transport-friendly ESP
• From: Steve Bellovin <smb@research.att.com>
• Re: transport-friendly ESP
• From: Alex Alten <Alten@home.com>

---

• Prev by Date: RE: New IPSec Monitoring MIB draft
• Next by Date: Re: transport-friendly ESP
• Prev by thread: Re: transport-friendly ESP
• Next by thread: Re: transport-friendly ESP
• Index(es):
  • Main
  • Thread