
Re: Comments on Mandatory Ciphers and a Proposal



Keith Moore writes:
>>> B) Translating gateways are evil.

Jeff Williams writes:
>   This sounds nearly cultist of nature.  ???

Jeff, 

I recommend that you read pp. 143-146 of Victor Voydock & Steve Kent's
survey article on "Security mechanisms in high-level network protocols"
in ACM Computing Surveys v.15 no.2, June 1983. Sections 2.1 and 2.2
lay out the end-to-end security argument quite concisely. Here are a
few choice quotations:

  "...one problem with link-oriented protection is that subversion
   of a single intermediate node can expose substantial amounts of
   message traffic. Another serious problem is the cost of 
   maintaining the security of the nodes..."

  "To make matters worse, it is difficult to apportion the costs
   of link-oriented protection fairly...In addition, many network
   users may not want to rely, for security services, on the
   authorities controlling the communications subnet. This is
   especially true in an open-system environment where information
   exchanged on an association may traverse multiple networks
   controlled by diverse organizations. For all of these reasons,
   link-oriented measures do not appear to be appropriate as the
   basis for communication security in an open-system environment."
-- 
Lewis    http://www.cs.umass.edu/~lmccarth/    "In our opinion
provable security is nothing more than a phantom, similar to
the perpetuum mobile in thermodynamics."  -- Joan Daemen, 1995