
Re: Comments on Mandatory Ciphers and a Proposal



Lewis,

Lewis McCarthy wrote:
> 
> Keith Moore writes:
> >>> B) Translating gateways are evil.
> 
> Jeff Williams writes:
> >   This sounds nearly cultist of nature.  ???
> 
> Jeff,
> 
> I recommend that you read pp. 143-146 of Victor Voydock & Steve Kent's
> survey article on "Security mechanisms in high-level network protocols"
> in ACM Computing Surveys v.15 no.2, June 1983. Sections 2.1 and 2.2
> lay out the end-to-end security argument quite concisely. Here are a
> few choice quotations:

  Thanks!  I will re-read this again.
> 
>   "...one problem with link-oriented protection is that subversion
>    of a single intermediate node can expose substantial amounts of
>    message traffic. Another serious problem is the cost of
>    maintaining the security of the nodes..."

  I agree with this assertion in general.  But the fallacy in this
statement is it doesn't go far enough.  One must weigh the cost of the
security in question against the costs of a breach in that security.  >;)
> 
>   "To make matters worse, it is difficult to apportion the costs
>    of link-oriented protection fairly...In addition, many network
>    users may not want to rely, for security services, on the
>    authorities controlling the communications subnet. This is
>    especially true in an open-system environment where information
>    exchanged on an association may traverse multiple networks
>    controlled by diverse organizations. For all of these reasons,
>    link-oriented measures do not appear to be appropriate as the
>    basis for communication security in an open-system environment."

  Yep!
> --
> Lewis    http://www.cs.umass.edu/~lmccarth/    "In our opinion
> provable security is nothing more than a phantom, similar to
> the perpetuum mobile in thermodynamics."  -- Joan Daemen, 1995

Regards,
-- 
Jeffrey A. Williams
DIR. Internet Network Eng/SR. Java Development Eng.
Information Eng. Group. IEG. INC. 
Phone :913-294-2375 (v-office)
E-Mail jwkckid1@xxxxxxxxxxxxx