> By now we all should know that it is a bad idea to rely on an > unauthenticated IP address as a basis for determining the source of a > packet. Similarly. the IP header checksum offers no security. We > have a variety of IETF standard protocols (e.g., IPsec and TLS) that > provide suitable assurance for data origin authentication and > integrity for application data sent via IP. Thus, if anyone is > really concerned about know with whom they are communicating, and > whether a packet was modified in transit, they should be using these > standards security technologies. Many web sites for which these > security concerns are significant already make use of SSL/TLS anyway. While I naturally agree that one should not use unauthenticated IP addresses to determine the source of a packet, I think it's a big stretch to say that the existence of IPsec and TLS means that it's okay for third parties to forge source addresses. and for different reasons, both IPsec and TLS are of fairly limited applicability for application-level security - we are still missing lots of pieces. Keith
- Re: recommendation against pu... Stephen Kent
- Re: recommendation against public... Dennis Glatting
- Re: recommendation against pu... Valdis . Kletnieks
- Re: recommendation against pu... Daniel Senie
- Re: recommendation against pu... Dennis Glatting
- Re: recommendation against pu... Theodore Y. Ts'o
- Re: recommendation against publication... Keith Moore
- Re: recommendation against public... Stephen Kent
- Re: recommendation against pu... Keith Moore
- Re: recommendation against pu... Stephen Kent
- Re: recommendation against publication of draf... Keith Moore
- Re: recommendation against publication of ... Stephen Kent
- Re: recommendation against publication... Keith Moore
- Re: recommendation against publication of draft-ce... Peter Deutsch
- Re: recommendation against publication of draf... Keith Moore
- Re: recommendation against publication of ... Theodore Y. Ts'o
- Re: recommendation against publication of ... Peter Deutsch
- Re: recommendation against publication... Keith Moore
- Re: recommendation against publication of draf... Bill Sommerfeld
- Re: recommendation against publication of ... Patrik Fältström
- Re: recommendation against publication of draft-cerpa-n... Vernon Schryver