[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Design] Re: Wes Hardaker: opportunistic encryption deployment problems
At 01:05 PM 8/17/2001 -0400, Stephen Kent wrote:
>At 6:31 PM -0700 8/16/01, Alex Alten wrote:
>>At 06:21 PM 8/16/2001 -0400, Henry Spencer wrote:
>>>On Thu, 16 Aug 2001, Stephen Kent wrote:
>>>> ...unauthorized access to computing resources on organizational LANs.
>>>> Encryption of lots of Internet traffic, without accompanying
>>>> authentication and access control, does not address the latter concern.
>>>
>>>And antiaircraft missiles aren't very effective against submarines, either!
>>>Different solutions to different problems.
>>>
>>>IPsec would not have encryption at all if passive wiretapping was not a
>>>serious concern.
>>>
>>
>>You are both right. You need the encryption to properly enforce
>>the authentication and access control. In a trusted networked system
>>they are both required.
>>
>>- Alex
>
>Alex,
>
>in fact, we use the integrity algorithm to provide continuity for the
>initial authentication exchange provided by IKE, not encryption.
>
>Steve
>
Thank you Steve for pointing this out. I realized that I had not mentioned
integrity as soon as I had sent the email. However certainly encryption is
(almost) without exception a "must have" component of any secure network
system.
My point is that we need all of them to build a properly secure network
system,
none them can stand alone. I think even you can agree on this point.
- Alex
--
Alex Alten
Alten@Home.Com
Follow-Ups:
References: