[12384] in North American Network Operators' Group
Re: LSR and packet filters
daemon@ATHENA.MIT.EDU (Alex \"Mr. Worf\" Yuriev)
Sun Sep 14 03:57:53 1997
Date: Sun, 14 Sep 1997 03:49:44 -0400 (EDT)
From: "Alex \"Mr. Worf\" Yuriev" <alex@netaxs.com>
To: Hank Nussbacher <hank@ibm.net.il>
cc: "Sean M. Doran" <smd@clock.org>, Ran Atkinson <rja@corp.home.net>,
    nanog@merit.edu
In-Reply-To: <2.2.32.19970914074425.00685edc@max.ibm.net.il>

> >> a packet transmitted between two nonfaulty end systems A
> >> and B will have a high probability of being delivered,
> >> provided that at least one path consisting of nonfaulty
> >> components connects the two end systems. [...] The
> >> network layer makes no attempt to keep conversations
> >> private. If privacy is necessary, encryption must be
> >> done at a higher layer. Also, the network layer need not
> >> certify data that it delivers. For instance, it is
> >> possible for some malicious node C to generate data, get
> >> it delivered to B, and claim that the data was from A.
> >> It is up to the higher layer in B to differentiate
> >> between corrupted or counterfeit data and real data,
> >> using known cryptographic techniques".
> >
> >Well, then he is *WRONG*. Authentication and privacy should be a function
> >of the network layer, not the application layer because it is a lot easier
> >to attack application layer encryption compared to lower layers.
>
> Radia is a she. Anyone who has been in this field for more than 2 years
> should know that even if you can't guess what tli or pst or Yakov are :-)

Quoting Marcus Ranum: "I do not care who or what that is as long as it
makes sense".

Alex