|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Security Use RequirementsMichael, Mandating additional resources to implement privacy would not allow this to be a customer made trade-off. Allowing it as product feature option would. Doug > > My comment was not a veiled argument for no security but rather an open > > question. I would wish to argue for only mandating authentication and > > integrity and make privacy an option. If to follow NFS and use > of GSS-API > > (http://www.ietf.org/rfc/rfc1961.txt) as mentioned by David > Robinson, with > > recommend (Kerberos V5) (http://web.mit.edu/kerberos/www/) and > Internet size > > security (Lipkey) (http://www.ietf.org/rfc/rfc2847.txt for > authentication > > and integrity where perhaps just the dynamic portion of the PDU > headers are > > encrypted as a type of checksum. Privacy seems like an expensive > > proposition to make mandatory for the entire data payload. > > Why not allow the customer to make the tradeoff between security and > performance? > > -mre >
Home Last updated: Tue Sep 04 01:05:33 2001 6315 messages in chronological order |