[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Design] Re: Wes Hardaker: opportunistic encryptiondeployment problems
At 6:21 PM -0400 8/16/01, Henry Spencer wrote:
>On Thu, 16 Aug 2001, Stephen Kent wrote:
>> ...unauthorized access to computing resources on organizational LANs.
>> Encryption of lots of Internet traffic, without accompanying
>> authentication and access control, does not address the latter concern.
>
>And antiaircraft missiles aren't very effective against submarines, either!
>Different solutions to different problems.
>
>IPsec would not have encryption at all if passive wiretapping was not a
>serious concern.
>
Passive wiretapping is a concern, in some contexts, and thus it is
appropriate to offer encryption as part of the IPsec suite of
security services. The difference of opinion is whether it is always
necessary or always helpful.
Most security experts agree that pervasive use of encryption via SSL
for web access does little to protect credit card numbers from being
stolen; there are much better ways to steal these values. SSL use
does address the marketing need to provide the perception of security
for users who might otherwise be reluctant to send these values
across the Internet. In the IPsec WG I assume that we will adopt
standards based on technical benefits, rather than marketing concerns.
Steve
References: