Firewall Wizards mailing list archives

Re: Rant (Was Re: Our friend FTP, again)


From: "Ge' Weijers" <ge () progressive-systems com>
Date: Mon, 19 Apr 1999 10:02:35 -0400

On Sun, Apr 18, 1999 at 08:37:41AM -0700, David LeBlanc wrote:
> Possibly.  I also think that IPSec will solve a lot of problems once it is
> widespread.  It doesn't require IPv6, and once every protocol doesn't have
> to roll its own privacy and integrity mechanisms, that will take us a long
> way.  IPSec is going to be shipping in most major OS's RSN - we'll see if
> people actually use it...

IPSEC is an afterthought, and a substitute for good protocol
design. And it requires a lot of infrastructure to be effective
(secure DNS or PKI). One of the problems I have with it is that you
lose anonymity. If you just want to download a publicly available file
you should not have to prove your identity. You _do_ want to make sure
that the file comes from the server you requested it from in the first
place. 

Initially we'll probably be running IPSEC between security gateways,
not from endpoint to endpoint. I wonder how much we'll be gaining this
way, because these gateways will have to be as clever as current
firewalls about which connections to let through.

Ge'

-- 
-
Ge' Weijers                                Voice: (614)326 4600
Progressive Systems, Inc.                    FAX: (614)326 4601
2000 West Henderson Rd. Suite 400, Columbus OH 43220


