From: "Perry E. Metzger" <perry@piermont.com>
Date: Tue, 20 Feb 1996 04:35:20 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: Some thoughts on the Chinese Net
In-Reply-To: <199602181745.JAA08925@ix5.ix.netcom.com>
Message-ID: <199602191921.OAA07056@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Bill Stewart writes:
> >They could use no stock software, and they would grind every machine
> >in the country to its knees doing the signatures. RSA signatures
> >aren't cheap.
> 
> Could you use IPv6 / IPSP authentication to do the job?

Yes, they could. (Its IPSEC these days, by the way).

However, again, I don't think it will do them much good, especially
since forcing people to deploy strong cryptography everywhere isn't
in their best interests. They could try only doing the AH part of the
protocol, of course, but even then, using forged, stolen, or otherwise
ingenuine credentials isn't that hard. Crypto isn't a panacea, and if
you can't trust both endpoints its hard to trust the crypto itself...

Perry