RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt
On Mon, 26 Aug 2002, Waterhouse, Richard wrote:
> ...applications that need to run in such environments have to do FEC/CRC
> end-to-end. And they can't do it if the data carried in the packets is
> discarded, and not passed up, because of an ESP level authentication
> function.

Then the right thing to do is to do encryption and authentication end-to-end
as well, *above* the error-correction layer.

> > By the way, the reason for making authentication a MUST is that there are
> > effective active attacks against confidentiality without it. You don't
> > *get* reliable confidentiality without authentication.
> >
> >>> This should be a security policy issue to be negotiated. If I have other
> mechanisms at higher layers that can compensate...

How do mechanisms at higher layers "compensate" for easily-breakable
encryption? I can't make any sense of this; can you elaborate?

Henry Spencer
henry@spsystems.net