RE: iFCP: security position

To: bill@sanera.net
Subject: RE: iFCP: security position
From: Paul Koning <pkoning@jlc.net>
Date: Mon, 10 Sep 2001 13:50:00 -0400
Cc: ips@ece.cmu.edu
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
References: <5.0.2.1.2.20010907192713.039a8b70@zbl6c002.corpeast.baynetworks.com><HDECJFNIFJBIAINDCFOMCEPECAAA.bill@sanera.net>
Sender: owner-ips@ece.cmu.edu

Excerpt of message (sent 7 September 2001) by Bill Strahm:
> Why do you care how traffic is encrypted ???
> 
> Would you rather see Clear traffic than DES traffic ?

Yes, absolutely.  

That is because clear traffic does not mislead.  It is
obviously not secure.  DES is sufficiently weak that encrypting with
it could be viewed as a form of false advertising.

This is also what is wrong with things like WEP -- these are systems
that pretend to offer security but in fact do not.  And people defend
them with similar arguments.  Or, for that matter, Fred Foobar's
Famous Snake Oil encryption algorithm.  The problem in all these cases
is that the appearance of crypto without the reality is much, much
worse than the absence of crypto.  You should have either strong
crypto, or none.  After all, strong crypto is readily available.

DES shows up as mandatory in IPsec for reasons that were political, not
technical, and that became obsolete several years ago.

     paul

Follow-Ups:
- RE: iFCP: security position
  - From: "Bill Strahm" <bill@sanera.net>

References:
- RE: iFCP: security position
  - From: "Franco Travostino" <travos@nortelnetworks.com>
- RE: iFCP: security position
  - From: "Bill Strahm" <bill@sanera.net>

Prev by Date: RE: iFCP: security position
Next by Date: REMOVE
Prev by thread: RE: iFCP: security position
Next by thread: RE: iFCP: security position
Index(es):
- Date
- Thread

Home

Last updated: Mon Sep 10 17:17:06 2001
6496 messages in chronological order