[12396] in North American Network Operators' Group

Re: LSR and packet filters

daemon@ATHENA.MIT.EDU (Bill Manning)
Sun Sep 14 22:48:14 1997

From: bmanning@isi.edu (Bill Manning)
To: alex@netaxs.com (Alex \"Mr. Worf\" Yuriev)
Date: Sun, 14 Sep 1997 19:31:20 -0700 (PDT)
Cc: hank@ibm.net.il, smd@clock.org, rja@corp.home.net, nanog@merit.edu
In-Reply-To: <Pine.SUN.3.95.970914034817.2115K-100000@access.netaxs.com> from "Alex \"Mr. Worf\" Yuriev" at Sep 14, 97 03:49:44 am

> > >>   a packet transmitted between two nonfaulty end systems A
> > >>   and B will have a high probability of being delivered,
> > >>   provided that at least one path consists of nonfaulty
> > >>   components connects the two end systems. [...] The
> > >>   network layer makes no attempt to keep conversations
> > >>   private.  If privacy is necessary, encryption must be
> > >>   done at a higher layer. Also, the network layer need not
> > >>   certify data that it delivers.  For instance, it is
> > >>   possible for some malicious node C to generate data, get
> > >>   it delivered to B, and claim that the data was from A.
> > >>   It is up to the higher layer in B to differentiate
> > >>   between corrupted or counterfeit data and real data,
> > >>   using known cryptographic techniques".
> > >
> > >Well, then he is *WRONG*. Authentication and privacy should be a function
> > >of the network layer, not the application layer because it is a lot easier
> > >to attack application layer encryption compared to lower layers.
> > 
> > Radia is a she.  Anyone who has been in this field for more than 2 years
> > should know that even if you can't guess what tli or pst or Yakov are :-)
> 
> Quoting Marcus Ranum: "I do not care who or what that is as long as it
> makes sense". 
> 
> Alex

	Oh, Radia makes sense.  It's just that your assumptions and hers
	differ. 

-- 
--bill
