Firewall Wizards mailing list archives

Re: IPsec and firewalls


From: carson () tla org
Date: Sat, 7 Feb 1998 20:25:28 -0500 (EST)

"Aleph" == Aleph One <aleph1 () dfw dfw net> writes:

Aleph> Not necessarily. The typical example is that of users using a pseudonym. I
Aleph> may accept a key from them on our initial contact without verifying it
Aleph> with a trusted third party (as it is a pseudonym and there is not one to
Aleph> trust) yet every time after that I have their key and verify I was talking
Aleph> to the same person I was talking to the first time. In any case I will not
Aleph> always want to authenticate. I may just want to encrypt the session and a
Aleph> simple key exchange is all that is needed. No need to verify anything with
Aleph> a third party.

True. Of course, this doesn't scale beyond one-to-one, unless you put this
anonymous association with a trusted 3rd party. :)

I, personally, find the applicability of one-to-one associations to be
vanishingly small. Even fairly trivial applications (say, personal profile
data for something), frequently require that more than one machine be used
for performance or reliability purposes.

I can see some potential uses with e-mail keys and the like, but those
really need to be distributed these days as well.

-- 
Carson Gaspar -- carson () cs columbia edu carson () tla org carson () cugc org
http://www.cs.columbia.edu/~carson/home.html
Queen Trapped in a Butch Body
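As an added illustration of the two positions in the exchange above (example code written here, not from either poster or from any IPsec implementation), here is a minimal trust-on-first-use key store in the style of an SSH known_hosts file. The first contact with a pseudonym pins that key's fingerprint; every later contact is checked against the pin. The second half shows Carson's scaling objection: once the same pseudonym is served by a second machine with its own key, the pinned fingerprint no longer matches and there is no third party to resolve it. The key blobs and pseudonym are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample "public keys"; real deployments would store the actual key blobs.
KEY_MACHINE_A = b"constructed-public-key-machine-A"
KEY_MACHINE_B = b"constructed-public-key-machine-B"


def fingerprint(pubkey: bytes) -> str:
    """SHA-256 hex fingerprint of a public key blob."""
    return hashlib.sha256(pubkey).hexdigest()


class TofuStore:
    """Trust-on-first-use pin store: pseudonym -> fingerprint of the key seen first."""

    def __init__(self) -> None:
        self.pins: dict[str, str] = {}

    def check(self, pseudonym: str, pubkey: bytes) -> str:
        """Return 'first-contact', 'match', or 'mismatch' for this pseudonym/key pair.

        'mismatch' is the only signal a TOFU scheme has; it cannot tell a legitimate
        key change (or a second server) from an impostor, which is the scaling problem.
        """
        fp = fingerprint(pubkey)
        pinned = self.pins.get(pseudonym)
        if pinned is None:
            # No third party to consult: accept and remember the key as seen.
            self.pins[pseudonym] = fp
            return "first-contact"
        # Constant-time comparison avoids leaking how much of the fingerprint matched.
        if hmac.compare_digest(pinned, fp):
            return "match"
        return "mismatch"


def one_to_one_sessions() -> list[str]:
    """Aleph's case: one peer, one key; repeated sessions verify against the pin."""
    store = TofuStore()
    return [store.check("pseudonym", KEY_MACHINE_A) for _ in range(3)]


def multi_machine_sessions() -> list[str]:
    """Carson's objection: the same pseudonym answered by two machines with different keys."""
    store = TofuStore()
    return [
        store.check("pseudonym", KEY_MACHINE_A),  # first contact pins machine A
        store.check("pseudonym", KEY_MACHINE_B),  # machine B looks exactly like an impostor
        store.check("pseudonym", KEY_MACHINE_A),  # A still matches the pin
    ]


if __name__ == "__main__":
    print("one-to-one:   ", one_to_one_sessions())
    print("multi-machine:", multi_machine_sessions())
```

The mismatch on the second contact is the whole point: a TOFU store can only say "this is not the key I saw before". Serving one pseudonym from several machines requires either sharing a single key across them or introducing some third party that vouches for all of their keys, which is the direction Carson's reply points to.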
