[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Design] Re: Wes Hardaker: opportunistic encryption deployment problems
At 6:31 PM -0700 8/16/01, Alex Alten wrote:
>At 06:21 PM 8/16/2001 -0400, Henry Spencer wrote:
>>On Thu, 16 Aug 2001, Stephen Kent wrote:
>>> ...unauthorized access to computing resources on organizational LANs.
>>> Encryption of lots of Internet traffic, without accompanying
>>> authentication and access control, does not address the latter concern.
>>
>>And antiaircraft missiles aren't very effective against submarines, either!
>>Different solutions to different problems.
>>
>>IPsec would not have encryption at all if passive wiretapping was not a
>>serious concern.
>>
>
>You are both right. You need the encryption to properly enforce
>the authentication and access control. In a trusted networked system
>they are both required.
>
>- Alex
Alex,
in fact, we use the integrity algorithm to provide continuity for the
initial authentication exchange provided by IKE, not encryption.
Steve
Follow-Ups:
References: