NFR Wizards Archive: Re: IPsec and firewalls

carsontla.org
Sat, 7 Feb 1998 20:25:28 -0500 (EST)


>>>>> "Aleph" == Aleph One <aleph1dfw.dfw.net> writes:

Aleph> Not necessarily. The typical example is that of users using a pseudonym. I
Aleph> may accept a key from them on our initial contact without verifying it
Aleph> with a trusted third party (as it is a pseudonym and there is not one to
Aleph> trust) yet every time after that I have their key and verify I was talking
Aleph> to the same person I was talking the first time. In any case I will not
Aleph> always want to authenticate. I may just want to encrypt the session and a
Aleph> simple key exchange is all that is needed. No need to verify anything with
Aleph> a third party.

True. Of course, this doesn't scale beyond one-to-one, unless you put this
anonymous association with a trusted 3rd party. :)

I, personally, find the applicability of one-to-one associations to be
vanishingly small. Even fairly trivial applications (say, personal profile
data for something) frequently require that more than one machine be used
for performance or reliability purposes.

I can see some potential uses with e-mail keys and the like, but those
really need to be distributed these days as well.

-- 
Carson Gaspar -- carsoncs.columbia.edu carsontla.org carsoncugc.org
http://www.cs.columbia.edu/~carson/home.html
Queen Trapped in a Butch Body
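
The key-continuity scheme discussed in this message, as an added example that is not part of the original post or of any IPsec implementation: each host pins the first key it sees for a pseudonym and checks later contacts against that pin. It also shows the scaling point raised in the reply: a second host with no shared pin history treats a different key as a first contact. Assumptions: the names `PinStore`, `check`, `export`, `merge` and `demo` are hypothetical, the keys are constructed byte strings, and proof that the peer holds the matching private key is taken to happen elsewhere in the key exchange.

```python
import hashlib


class PinStore:
    """Per-host store mapping a pseudonym to the SHA-256 fingerprint of its key."""

    def __init__(self):
        self._pins = {}

    def check(self, pseudonym, public_key):
        fingerprint = hashlib.sha256(public_key).hexdigest()
        pinned = self._pins.get(pseudonym)
        if pinned is None:
            # First contact: no third party to ask, so accept and remember.
            self._pins[pseudonym] = fingerprint
            return "first-contact"
        if pinned == fingerprint:
            return "same-key"
        # Never overwrite the pin silently; the caller decides what to do.
        return "key-changed"

    def export(self):
        return dict(self._pins)

    def merge(self, pins):
        # Existing local pins win, so imported data cannot replace them.
        for pseudonym, fingerprint in pins.items():
            self._pins.setdefault(pseudonym, fingerprint)


def demo():
    key_a = b"constructed-public-key-A"  # constructed sample, not a real key
    key_b = b"constructed-public-key-B"  # constructed sample, not a real key
    host1, host2, host3 = PinStore(), PinStore(), PinStore()
    results = [
        host1.check("nym", key_a),  # nothing pinned yet on host1
        host1.check("nym", key_a),  # continuity holds on host1
        host1.check("nym", key_b),  # host1 notices the different key
        host2.check("nym", key_b),  # host2 has no history for this pseudonym
    ]
    host3.merge(host1.export())     # host3 receives host1's pins
    results.append(host3.check("nym", key_b))
    return results


if __name__ == "__main__":
    print(demo())
```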



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:10:32 CDT