1995-08-03 - Re: Transport Layer Security (Was: Re: “Cypherpunks Write Code” as a Putdown)

Header Data

From: “Perry E. Metzger” <perry@panix.com>
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Message Hash: 40fe4285f2e612c0358be9bea87f024ae4251ef85e4a7a1df837fce77e654597
Message ID: <199508031445.KAA08364@panix4.panix.com>
Reply To: <9508031243.AA18140@cs.umass.edu>
UTC Datetime: 1995-08-03 15:17:06 UTC
Raw Date: Thu, 3 Aug 95 08:17:06 PDT

Raw message

From: "Perry E. Metzger" <perry@panix.com>
Date: Thu, 3 Aug 95 08:17:06 PDT
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Transport Layer Security (Was: Re: "Cypherpunks Write Code" as a Putdown)
In-Reply-To: <9508031243.AA18140@cs.umass.edu>
Message-ID: <199508031445.KAA08364@panix4.panix.com>
MIME-Version: 1.0
Content-Type: text/plain



By the way, I'm very disappointed that this sort of topic doesn't come
up here more often. I perceive that it may be because lots of people
on this list are cyphergroupies and not actually tuned in to the
technical issues of securing every-day communication.

Futplex writes:
> Could someone say a bit more about the perceived difficulties associated
> with secure network routing protocols ?  TIA.
                                           ^^^^????

> I am not at all optimistic about defeating DoS attacks....

The people building the new routing protocols (BGP, OSPF, etc) have
included cryptographic security provisions in them that will work
regardless of whether IPSEC is available. Some of these have to be
hand configured but thats not actually a problem since peering in many
of these systems has to be hand configured in the first place. I had a
long talk with the Area Director for routing and such in the bar at
the last IETF meeting and he gave me the impression the routing people
are acutely aware of the problem and hope to assure that it disappears
with time.

Given cryptographic security on the routing packets, denial of service
attacks directed against routing become hard. Photuris has built in
protection against denial of service against it, by the way.

With luck, we will be down to dealing with very crude denial of
service attacks like packet flooding and hopefully we can come up with
reasonable mechanisms to stop them in the ordinary case.

Perry

PS Again, I strongly encourage people to get involved in the efforts
to secure the internet with IPSEC, MOSS and similar things. WE NEED YOU!





Thread