[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Use of Encryption in Heartbeat Packets

To: Andrew Krywaniuk <akrywani@newbridge.com>
Subject: Re: Use of Encryption in Heartbeat Packets
From: Henry Spencer <henry@spsystems.net>
Date: Mon, 28 Feb 2000 12:03:32 -0500 (EST)
cc: "'IPSEC Mailing List @ tis labs'" <ipsec@lists.tislabs.com>
In-Reply-To: <004f01bf81fd$42d8d9c0$1e0101c8@ANDREWK2.TIMESTEP>
Sender: owner-ipsec@lists.tislabs.com

On Mon, 28 Feb 2000, Andrew Krywaniuk wrote:
> I want to get people's opinion on one subject that is not clear to me, which
> is whether heartbeat packets should be both encrypted and authenticated or
> just authenticated.

The business of deciding on a bit-by-bit basis which things need to be
encrypted and/or authenticated leaves a bad taste in my mouth.  It adds
complexity to the design for no very good reason, and there's always the
possibility that such an assessment might be wrong for some subtle reason. 
It's simpler and safer to just encrypt *everything*. 

                                                          Henry Spencer
                                                       henry@spsystems.net

References:

Use of Encryption in Heartbeat Packets

From: "Andrew Krywaniuk" <akrywani@newbridge.com>

Prev by Date: Re: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?
Next by Date: Re: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?
Prev by thread: Use of Encryption in Heartbeat Packets
Next by thread: RE: Use of Encryption in Heartbeat Packets
Index(es):
- Main
- Thread