[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bruce Schneier on IPsec

To: David_Mason@nai.com
Subject: Re: Bruce Schneier on IPsec
From: Phil Karn <karn@ka9q.ampr.org>
Date: Wed, 2 Feb 2000 16:04:31 -0800
CC: rgm-sec@htt-consult.com, ipsec@lists.tislabs.com
In-reply-to: <447A3F40A07FD211BA2700A0C99D759B788F2C@md-exchange1.nai.com>(David_Mason@nai.com)
References: <447A3F40A07FD211BA2700A0C99D759B788F2C@md-exchange1.nai.com>
Reply-to: karn@qualcomm.com
Sender: owner-ipsec@lists.tislabs.com

>I thought ESPNULL might be useful for things like IETF web sites where you
>might be retrieving public documents that you want to make sure you receive
>unaltered but aren't concerned about the confidentiality of the traffic.

This sort of thing is *much* better accomplished with PGP cleartext
signatures. This is already standard practice for the distribution of
much open source software, especially security software. The big
benefit is that the protection is much more end-to-end than anything
IPSec could provide. Consider the effect of mirror sites and web
caches, for example.

Phil

References:

RE: Bruce Schneier on IPsec

From: "Mason, David" <David_Mason@nai.com>

Prev by Date: Re: Racing IKE SAs Revisited
Next by Date: Re: Bruce Schneier on IPsec
Prev by thread: RE: Bruce Schneier on IPsec
Next by thread: RE: Bruce Schneier on IPsec
Index(es):
- Main
- Thread