[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Position statement on IKE development



I have a different set of concerns, IPSEC is not being used in cases where
it should have been the answer.

In particular the IEEE 802.11b WEP fiasco could have been averted if the
designers had not been discouraged by the complexity of IPSEC.

Another issue is why can't I buy a printer that is IPSEC enabled?

I believe that the biggest problem with IPSEC is that the search for a
certain view of perfect security has lead to a standard that many have
bypassed altogether as too demanding.

Perfect Forward Secrecy is great, but I would rather have a secure means of
connecting to my printer than the possibility of a perfectly secure means in
ten years time.

End to end security is a good thing, but in many applications the overhead
of negotiating trust relationships end to end is just too high. How am I
expected to configure the end to end security on an embedded device with no
console. Oh I use a web browser to connect to it, yes very end to end.

		Phill



Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@xxxxxxxxxxxx
781 245 6996 x227


> -----Original Message-----
> From: Marcus Leech [mailto:mleech@xxxxxxxxxxxxxxxxxx]
> Sent: Thursday, August 02, 2001 9:34 PM
> To: msec@xxxxxxxxxxxxxxxxxxx; ietf-ipsra@xxxxxxxx;
> ipsec-policy@xxxxxxxx; ipsec@xxxxxxxxxxxxxxxxx
> Subject: Position statement on IKE development
> 
> 
> I'm sending the attached ASCII TEXT document on behalf of myself, Jeff
> Schiller, and
>   Steve Bellovin, to clarify our position with respect to IKE
> development. It is our hope
>   that it will clarify, to some extent, some fuzziness in 
> this area that
> has evolved over
>   the last year or so.
> 

Attachment: Phillip Hallam-Baker (E-mail).vcf
Description: Binary data