Re: [Design] Re: Wes Hardaker: opportunistic encryption deployment problems
Stephen Kent <kent@bbn.com> writes:
> We disagree on the merits of opportunistic encryption. For most
> organizations, the primary threat is one of unauthorized access, not
> massive passive wiretapping of Internet traffic. Thus encrypting lots
> of traffic, without providing accompanying access controls, might
> cause more harm (in the access control dimension) than good, e.g., by
> making it harder to perform intrusion detection, trace attacks, etc.
> However, to the extent that FreeS/WAN tries to address a concern to a
> user community that has a different threat model, one that is more
> focused on big brother than on hackers, I don't argue with your
> approach.
This is certainly not MY memory from Cambridge '92, when the concept
of IPsec was to provide encryption technology at the network layer for
all connections on the Internet. A side effect of the goal was
endpoint authentication. Adding access control came even later.
> Steve
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available