Markus,

Thanks for this. I think you've summed up the problem in a nutshell. Please see below.

On 7/27/16 2:34 PM, Grunwald, Markus wrote:
> For me, this leads to multiple security levels:
>
> 1) Basic security: fast response, low cost with lower security: use symmetric keys. Use this where the risk is low.
>
> 2) High security, low cost: Allow slow(er) response times, because of the ECC calculations. Kind of a compromise…
>
> 3) High security, higher cost: add some crypto hardware. For high risk environments with low latency
>
> I don’t think that we will be able to cover the whole range of requirements with one single approach. Implementing the lowest level would be relatively easy for first concepts.

And here is the challenge: enterprise networks do have a variety of risk tolerances from minimal to high security. What is being designed here is a protocol that needs to accommodate a broad range of those uses. It seems to me that we need to be cognizant of the broader picture in order to solve for (1), (2), and (3). If we can be assured of some infrastructure support at lower layers, we can at least answer the question of who did what when. And that is important.

Regards,

Eliot
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
