Suppose, rhetorically, that we were to encrypt every IP packet using IPSEC.
What happens if a box takes your packet and deliver it to the "wrong"
address, for example to an ISP controlled cache? Well, the cache cannot do
anything with it, except drop it to the floor. We are thus faced with a
dilemma: not use IPSEC because it breaks the ISP provided "enhancement," or
tell the ISP to stop this denial of service attack.

> -----Original Message-----
> From: Stephen Kent [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 07, 2000 10:07 AM
> To: Leslie Daigle
> Subject: Re: recommendation against publication of
> draft-cerpa-necp-02.txt
> Leslie,
> I understand your point, but we leave ourselves open to many forms of 
> attacks, or errors, by assuming that "what you receive is what was 
> sent" in this era of the Internet.  Security is not black and white, 
> but the gray area we're discussing does bother me.  If one cares 
> about knowing where the data originated, and that it has not been 
> altered, then one needs to make use of the tools provided to address 
> that concern.  if one doesn't use the tools, then one does not care 
> very much, and the results may be surprising :-).
> Steve

Reply via email to