Re: transport-friendly ESP
Alex Alten wrote:
>
> Frank,
>
> However having said all that, I do agree that it will be
> a long time before the core routers would do any crypto.
>
Jumping in in the middle here:

Why should core routers do any significant crypto? Apart from the
peeking-in-so-I-can-do-stuff requirements of Steve Bellovin's tf-esp
proposal, I can't see why they'd need to be a party to any security
association.

Even if we have blazing-fast algorithms that could reasonably
be put in a core router, I can't really see the need. My security
requirements are end to end, and I'll be damned if I'll let some
ISP I know nothing about, run by a pimply-faced teenage moron, be
a party to my security associations. To have all the core routers
be a party to security associations is to reduce the security
of the internet to what is in the (virtual) copper world of
today.

Core routers WILL do crypto, but not because they need to provide
decrypt--do-some-stuff--encrypt services to client data streams.
They'll do crypto because that's the only secure way to manage them
over the network--a very much lower bandwidth requirement than
handling crypto on client data streams.
--
----------------------------------------------------------------------
Marcus Leech Mail: Dept 8M70, MS 012, FITZ
Systems Security Architect Phone: (ESN) 393-9145 +1 613 763 9145
Security and Internet Solutions Fax: (ESN) 395-1407 +1 613 765 1407
Nortel Technology mleech@nortel.ca
-----------------Expressed opinions are my own, not my employer's------