[12383] in North American Network Operators' Group


Re: LSR and packet filters

daemon@ATHENA.MIT.EDU (Hank Nussbacher)
Sun Sep 14 03:55:07 1997

Date: Sun, 14 Sep 1997 09:44:25 +0200
To: "Alex \"Mr. Worf\" Yuriev" <alex@netaxs.com>,
        "Sean M. Doran" <smd@clock.org>
From: Hank Nussbacher <hank@ibm.net.il>
Cc: Ran Atkinson <rja@corp.home.net>, nanog@merit.edu

At 02:37 AM 9/14/97 -0400, Alex \"Mr. Worf\" Yuriev wrote:

>> Quoting Radia Perlman:
>> 
>>  "The goal is to design a network that will guarantee that
>>   a packet transmitted between two nonfaulty end systems A
>>   and B will have a high probability of being delivered,
>>   provided that at least one path consists of nonfaulty
>>   components connects the two end systems. [...] The
>>   network layer makes no attempt to keep conversations
>>   private.  If privacy is necessary, encryption must be
>>   done at a higher layer. Also, the network layer need not
>>   certify data that it delivers.  For instance, it is
>>   possible for some malicious node C to generate data, get
>>   it delivered to B, and claim that the data was from A.
>>   It is up to the higher layer in B to differentiate
>>   between corrupted or counterfeit data and real data,
>>   using known cryptographic techniques".
>
>Well, then he is *WRONG*. Authentication and privacy should be a function
>of the network layer, not the application layer because it is a lot easier
>to attack application layer encryption compared to lower layers.

Radia is a she.  Anyone who has been in this field for more than 2 years
should know that even if you can't guess what tli or pst or Yakov are :-)

-Hank


