On 06/19/2003 01:49 PM, martin f krafft wrote:
As far as I can tell, IPsec's ESP has the functionality of
authentication and integrity built in:
It depends on what you mean by built in.
1) The RFC provides for ESP+authentication but
does not require ESP to use authentication.
2) Although the
A couple of people wrote in to say that my remarks
about defending against traffic analysis are not
As 'proof' they cite
which proves nothing of the sort.
The conclusion of that paper correctly summarizes
the body of the paper; it says
On 08/28/2003 04:26 PM, David Wagner wrote:
Are you sure you understood the attack?
Are you sure you read my original note?
The attack assumes that communications links are insecure.
I explicitly hypothesized that the links were
encrypted. The cryptotext may be observed and
its timing may be
On 09/06/2003 02:33 PM, Tim Dierks wrote:
I'm sure that it would be possible to design a Feistel-based block
cipher with variable block size, supporting some range of even values
There's no need to exclude odd n.
I know the typical superficial textbook describes
the Feistel trick in
On 10/01/2003 11:22 AM, Don Davis wrote:
there's another rationale my clients often give for
wanting a new security system, instead of the off-
the-shelf standbys: IPSec, SSL, Kerberos, and the
XML security specs are seen as too heavyweight for
some applications. the developer doesn't want
On 10/03/2003 01:26 PM, R. A. Hettinga wrote:
It seems to me that perfect pseudonymity *is* anonymity.
They're not quite the same thing; see below.
Frankly, without the ability to monitor reputation, you don't have
ways of controlling things like transactions, for instance. It's just
Perry E. Metzger wrote:
I've noted to others on this before that for an application like
the IP fragmentation id, it might be even better if no repeats
occurred in any block of 2^31 (n being 32) but the sequence did not
repeat itself (or at least could be harmlessly reseeded at very very
On 10/16/2003 07:19 PM, David Honig wrote:
it would make sense for the original vendor website (eg Palm)
to have signed the MITM site's cert (palmorder.modusmedia.com),
not for Verisign to do so. Even better, for Mastercard to have signed
both Palm and palmorder.modusmedia.com as well. And
On 10/22/2003 04:33 PM, Ian Grigg wrote:
The frequency of MITM attacks is very low, in the sense that there
are few or no reported occurrences.
We have a disagreement about the facts on this point.
See below for details.
This makes it a challenge to
respond to in any measured way.
We have a
On 11/19/2003 07:51 PM, Jon Callas wrote:
This is indeed the only case I know of where government has given
protection and preference to inferior systems over superior ones.
It's not hard to discover other cases.
At the philosophical level, one could argue that
protecting the weak is one of the
Previous discussions of secure computing technology have
been in some cases sidetracked and obscured by extraneous
notions such as
-- Microsoft is involved, therefore it must be evil.
-- The purpose of secure computing is DRM, which is
intrinsically evil ... computers must be able to
Mail list logo