On Tue, 2005-03-08 at 22:50 -0500, Andrew Newton wrote:
On Mar 8, 2005, at 6:55 PM, Michael Thomas wrote:
It seems like an easier hand-wave than the
reality of implementation.
As is all protocol work.
Would you rather there be no mitigation against replay?
This all depends on the pain/gain ratio. I'm trying to
understand the pain side of the equation. If it's too
painful, then I guess that nothing would be better than
something that doesn't work and/or is undeployable --
why spend lots of time on things that can't be deployed?
My other concern here is that it hasn't always been clear
what holes the bad guys will exploit once one path has been
closed off. This is at best a theoretical problem at this
point, and one that's not likely to affect enterprise too much
(requires an inside job for the most part). I originally made
my peace with this by thinking it could be dealt with in the
reputation plane -- which is more or less what the big ESP's
have to do today to keep their brand intact. I still wonder
who would wheel out all of this complicated machinery without
clear cut evidence of this being a real life exploit?
Mike