Re: recommendation against publication of draft-cerpa-necp-02.txt

[Stephen Kent]

Keith,

Without comments on other aspects of the technology in question, I 
would like to make some observations about the security aspects of 
the processing you cite as violating IP.

By now we all should know that it is a bad idea to rely on an 
unauthenticated IP address as a basis for determining the source of a 
packet. Similarly. the IP header checksum offers no security.  We 
have a variety of IETF standard protocols (e.g., IPsec and TLS) that 
provide suitable assurance for data origin authentication and 
integrity for application data sent via IP.  Thus, if anyone is 
really concerned about know with whom they are communicating, and 
whether a packet was modified in transit, they should be using these 
standards security technologies.  Many web sites for which these 
security concerns are significant already make use of SSL/TLS anyway.

Steve