[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Design] Re: Wes Hardaker: opportunistic encryption deployment problems



At 6:31 PM -0700 8/16/01, Alex Alten wrote:
>At 06:21 PM 8/16/2001 -0400, Henry Spencer wrote:
>>On Thu, 16 Aug 2001, Stephen Kent wrote:
>>>  ...unauthorized access to computing resources on organizational LANs.
>>>  Encryption of lots of Internet traffic, without accompanying
>>>  authentication and access control, does not address the latter concern.
>>
>>And antiaircraft missiles aren't very effective against submarines, either!
>>Different solutions to different problems.
>>
>>IPsec would not have encryption at all if passive wiretapping was not a
>>serious concern.
>>
>
>You are both right.  You need the encryption to properly enforce
>the authentication and access control.  In a trusted networked system
>they are both required.
>
>- Alex

Alex,

in fact, we use the integrity algorithm to provide continuity for the 
initial authentication exchange provided by IKE, not encryption.

Steve


Follow-Ups: References: