[EMAIL PROTECTED] says:
> > There is strong evidence that the network layer may be more
> > appropriate -- see the recent IP security proposals.
> 
> Well, they would say that, wouldn't they? As TCP/IP does not contain a
> formal presentation layer, I would not expect IP security proposals to
> suggest that that is where encryption belongs.

ISO doesn't contain a formal presentation layer, either, since it's
largely vaporware. There are millions of hosts on the internet, and
we'd rather get work done than argue with people who've never
implemented anything.

> The argument against locating encryption at level 3 is that the security
> would be completely at the mercy of the transport provider, which, if an
> outside agency, trashes the whole concept.

This is inane. My machine is the origin of my IP packets, and I
control my machine. Most proposals for IP layer security, like swIPe,
provide simple hooks for having many different encryption keys and
methods being in use between two hosts -- so that users are in control
of the keys associated with their TCP sessions, for example.

> Take for example data passed over ISDN lines, running over an ATM backbone.
> Should you just trust the telco that it will encrypt data?

Since IP packets are formed and encrypted before the data hits the
ISDN lines, your comments are meaningless.

The rest of your comments displayed similar ignorance about the whole
field. None of this is appropriate for Info-AFS, so I'm dropping the
discussion here, with the exception of noting one thing:

> N.B. Public Key encryption (like in RSA) and symmetric encryption (like in
> DES) are cryptoanalytically equivalent when applied to networks.

"Networks" are not meaningful in this context -- cryptography is
always applied to communications over a channel. Computer networks are
just one kind of channel. The phrase "cryptanalytically equivalent" is
meaningless -- I've never heard a cryptographer use it.

Frankly, you come out sounding like a crank.

Perry
