ietf
[Top] [All Lists]

Re: recommendation against publication of draft-cerpa-necp-02.txt

2000-04-07 12:10:03
Applications can gain a lot of security by building on top of a lower 
layer secure communication substrate, such as that provided by IPsec 
or TLS.  Such substrates allow the application developer to make 
assumptions about the security of the basic communication path, and 
have these assumptions be valid.  Precisely the sorts of things you 
are citing as "bad" can be addressed in this way.  Fancier 
application security requires some level of customization, perhaps in 
an application-specific fashion, as you noted.

I beg to differ.  Few applications can use IPsec or TLS authentication 
as-is.   A few more can get away with using username/password schemes
on top of IPsec or TLS privacy.  But neither IPsec nor TLS is anything
resembling a generally applicable authentication solution.  

Keith



<Prev in Thread] Current Thread [Next in Thread>