[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bruce Schneier on IPsec

To: IP Security List <ipsec@lists.tislabs.com>
Subject: Re: Bruce Schneier on IPsec
From: Henry Spencer <henry@spsystems.net>
Date: Wed, 19 Jan 2000 20:38:37 -0500 (EST)
In-Reply-To: <200001200010.QAA15133@gallium.network-alchemy.com>
Sender: owner-ipsec@lists.tislabs.com

On Wed, 19 Jan 2000, Derrell D. Piper wrote:
> ...IPSec is clearly being deployed and I think you will find
> that a significant percentage of Internet traffic will be IPSec protected in
> just a few short years.  And this is very good.

Ah, but is it?  That is an assumption, not a definitely known fact.  Weak
security is worse than none at all, because it breeds overconfidence. 
Imminent widespread deployment of IPSec would be better news if there
weren't so many concerns about just how strong its security really is. 

In particular, I fail to see that widespread deployment of systems using
56-bit DES for encryption is cause for joy.  It's disgraceful that 3DES
isn't even a MUST.

                                                          Henry Spencer
                                                       henry@spsystems.net

Follow-Ups:

Re: Bruce Schneier on IPsec

From: Hugo Krawczyk <hugo@ee.technion.ac.il>

References:

Re: Bruce Schneier on IPsec

From: "Derrell D. Piper" <ddp@network-alchemy.com>

Prev by Date: Re: Phase 1 KB lifetime
Next by Date: Re: Bruce Schneier on IPsec
Prev by thread: Re: Bruce Schneier on IPsec
Next by thread: Re: Bruce Schneier on IPsec
Index(es):
- Main
- Thread