1995-02-01 - Re: ESP Unix encrypted session protocol software
Header Data
From: eric@remailer.net (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: d3b6c2def416501b6c04a59d1900f189c1a8b62d79ae9afbddce742aa0fa7e74
Message ID: <199502010527.VAA04897@largo.remailer.net>
Reply To: <9501301802.AA08512@merckx.info.att.com>
UTC Datetime: 1995-02-01 05:29:07 UTC
Raw Date: Tue, 31 Jan 95 21:29:07 PST
Raw message
From: eric@remailer.net (Eric Hughes)
Date: Tue, 31 Jan 95 21:29:07 PST
To: cypherpunks@toad.com
Subject: Re: ESP Unix encrypted session protocol software
In-Reply-To: <9501301802.AA08512@merckx.info.att.com>
Message-ID: <199502010527.VAA04897@largo.remailer.net>
MIME-Version: 1.0
Content-Type: text/plain
From: Matt Blaze <mab@research.att.com>
[this = storing secrets]
At the extreme, fixing this is a Hard Problem. In practice for establishing
a reasonably secure session, it all depends on how much you worry about a
full-blown (two way) spoofing attack against IP.
I know Matt realizes, but let me repeat for the rest of the list.
Just because plain old Diffie Hellman is subject to active attack
doesn't mean it's useless. Some protection is better than no
protection at all. It's still worthwhile implementing some security
to make an opponent's task harder than to implement no security.
And just because some people find this level of security inadequate
does not mean that everyone else does.
Eric
Thread
- Return to January 1995
Return to February 1995
- Return to “Alan Barrett <barrett@daisy.ee.und.ac.za>”
- Return to “eric@remailer.net (Eric Hughes)”
- Return to “Matt Blaze <mab@research.att.com>”
- Return to ““Perry E. Metzger” <perry@imsi.com>”
Return to “Thomas Grant Edwards <tedwards@src.umd.edu>”
- 1995-01-30 (Mon, 30 Jan 95 08:01:55 PST) - ESP Unix encrypted session protocol software - Matt Blaze <mab@research.att.com>
- 1995-01-30 (Mon, 30 Jan 95 09:06:17 PST) - Re: ESP Unix encrypted session protocol software - Alan Barrett <barrett@daisy.ee.und.ac.za>
- 1995-01-30 (Mon, 30 Jan 95 09:42:48 PST) - Re: ESP Unix encrypted session protocol software - Thomas Grant Edwards <tedwards@src.umd.edu>
- 1995-01-30 (Mon, 30 Jan 95 10:07:52 PST) - Re: ESP Unix encrypted session protocol software - Matt Blaze <mab@research.att.com>
- 1995-01-30 (Mon, 30 Jan 95 11:23:32 PST) - Re: ESP Unix encrypted session protocol software - Thomas Grant Edwards <tedwards@src.umd.edu>
- 1995-01-30 (Mon, 30 Jan 95 13:05:57 PST) - Re: ESP Unix encrypted session protocol software - “Perry E. Metzger” <perry@imsi.com>
- 1995-01-31 (Mon, 30 Jan 95 23:56:13 PST) - Re: ESP Unix encrypted session protocol software - Alan Barrett <barrett@daisy.ee.und.ac.za>
- 1995-01-30 (Mon, 30 Jan 95 13:05:57 PST) - Re: ESP Unix encrypted session protocol software - “Perry E. Metzger” <perry@imsi.com>
- 1995-02-01 (Tue, 31 Jan 95 21:29:07 PST) - Re: ESP Unix encrypted session protocol software - eric@remailer.net (Eric Hughes)
- 1995-02-01 (Tue, 31 Jan 95 23:49:33 PST) - Re: ESP Unix encrypted session protocol software - Thomas Grant Edwards <tedwards@src.umd.edu>
- 1995-02-01 (Wed, 1 Feb 95 08:58:07 PST) - Re: ESP Unix encrypted session protocol software - eric@remailer.net (Eric Hughes)
- 1995-02-01 (Tue, 31 Jan 95 23:49:33 PST) - Re: ESP Unix encrypted session protocol software - Thomas Grant Edwards <tedwards@src.umd.edu>
- 1995-01-30 (Mon, 30 Jan 95 11:23:32 PST) - Re: ESP Unix encrypted session protocol software - Thomas Grant Edwards <tedwards@src.umd.edu>
- 1995-01-30 (Mon, 30 Jan 95 10:07:52 PST) - Re: ESP Unix encrypted session protocol software - Matt Blaze <mab@research.att.com>