> -----Original Message----- > From: Bound, Jim [mailto:[EMAIL PROTECTED]
> On the > issue of e2e encrypt/decrypt except the header there are > those for many reasons will not want to permit this for the > reasons you state is my experience. I may we way off base, but when I read this, all I can conclude is that security is a non-starter. How can a system be considered secure if the data is not encrypted when it travels across non-trusted networks? And, who would consider his comm links secure if he has to trust the ISP? The NIST Profile makes this same point about plaintext through routers, and I concluded the same thing there. Sounds like a non-sequitur. In principle, authentication, in the non-trusted part of the network, is all that should be required. If security experts determined that AH is not so good, then maybe ESP within ISP nets is okay. But this does not remove the need for e2e encryption, IMO. > But do we take social and > law enforcement issues into consideration as IETF > individuals? The only logical answer is that whatever node inspects the packets has to be capable of decrypting them. Which means, it must become a trusted node. > But I don't think not doing e2e is > going to stop bad intentioned criminals. I'd put it more strongly. Not doing e2e IPsec invalidates the whole security model. It then becomes just something to show on a viewgraph, to try to confuse the innocent into believing that the system is secure. Bert -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
