Re: [Design] Re: Wes Hardaker: opportunistic encryptiondeployment problems

[Stephen Kent <kent@bbn.com>]

At 6:21 PM -0400 8/16/01, Henry Spencer wrote:
>On Thu, 16 Aug 2001, Stephen Kent wrote:
>>  ...unauthorized access to computing resources on organizational LANs.
>>  Encryption of lots of Internet traffic, without accompanying
>>  authentication and access control, does not address the latter concern.
>
>And antiaircraft missiles aren't very effective against submarines, either!
>Different solutions to different problems.
>
>IPsec would not have encryption at all if passive wiretapping was not a
>serious concern.
>

Passive wiretapping is a concern, in some contexts, and thus it is 
appropriate to offer encryption as part of the IPsec suite of 
security services. The difference of opinion is whether it is always 
necessary or always helpful.

Most security experts agree that pervasive use of encryption via SSL 
for web access does little to protect credit card numbers from being 
stolen; there are much better ways to steal these values. SSL use 
does address the marketing need to provide the perception of security 
for users who might otherwise be reluctant to  send these values 
across the Internet. In the IPsec WG I assume that we will adopt 
standards based on technical benefits, rather than marketing concerns.

Steve

---

References:

• Re: [Design] Re: Wes Hardaker: opportunistic encryption deployment problems
• From: Henry Spencer <henry@spsystems.net>

---

• Prev by Date: Re: draft-ietf-ipsec-udp-encaps-00: non-500 ESP encap, 32bits of , i-cookie=0
• Next by Date: Re: [Design] Re: Wes Hardaker: opportunistic encryption deployment problems
• Prev by thread: Re: [Design] Re: Wes Hardaker: opportunistic encryption deployment problems
• Next by thread: Re: [Design] Re: Wes Hardaker: opportunistic encryption deployment problems
• Index(es):
  • Main
  • Thread