
RE: Death to AH (was Re: SA identification)



At 05:24 PM 3/23/2001 +0200, Helger Lipmaa wrote:
>On Fri, 23 Mar 2001, Ray Savarda wrote:
>
> > To add another voice to the chorus - we would certainly like to see AH
> > removed as a requirement. From our perspective it just adds complexity
> > without adding much value, and at high speeds, life (IPSEC) is already
> > complex enough!
>
>A friend who recently got involved with ipsec has a paranoid idea that
>IPSec is NSA's revenge/tradeoff for enabling strong cryptography. What is
>the use of good algorithms if a protocol is so complex that it is almost
>intractable to implement, analyse and apply?
>
>Helger
>PS This is not my personal opinion. :-)
>

When ipsec came out for last call in Feb.  1998 I voiced exactly this concern
about overall complexity (including problems with AH) in a detailed email to
the WG.  It is a pity that so many people and firms have spent countless hours
and money on it and only now are finally realizing the system design flaws.  
The NSA has probably been laughing behind our backs for the past two years.

- Alex

--

Alex Alten

Alten@Home.Com



