[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: transport-friendly ESP
At 01:41 AM 2/1/99 -0800, Alex Alten wrote:
>Frank,
>
>Thank you for your detailed analysis about why a block
>cipher like DES will not work for a core router. It's a
>bit like saying why a 2400 baud modem won't work either.
I didn't say it won't work.
I said it won't happen.
We could put all that stuff into silicon
for a greater cost and lower performance
than the market is willing to bear right
now.
>Why can't we design, implement and verify a cipher that can
>meet these constraints you point out in such detail?
For the same reason that the IETF does not go off and
come up with some new kind of semiconductor lasers to
make faster optical links. We do protocols. Someone
else does semiconductor lasers, or encryption
algorithms.
Besides, there are other issues besides encryption
algorithms, such as key distribution. If each router
along the path is supposed to decrypt the packet, or
a part of it, then that router needs the key. How do
you do it? The path may be 10, 20, 30, ... routers
long. Plus the path will change over time, and
the end stations do not know when that happens.
The path might even go through someplace that
you don't trust. (At one point in time, the ISP
we then used had its pop in a wiring closet
in a facility owned by one of our competitors.
Any key exchange with that router would go
through wires that were accessible to that
competitor, to a router that was accessible to
that competitor. If they were sufficiently
shady and sufficiently motivated, our
communications could have been compromised).
Frank Kastenholz
References: