North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: LSR and packet filters
At 02:37 AM 9/14/97 -0400, Alex \"Mr. Worf\" Yuriev wrote: >> Quoting Radia Perlman: >> >> "The goal is to design a network that will guarantee that >> a packet transmitted between two nonfaulty end systems A >> and B will have a high probability of being delivered, >> provided that at least one path consists of nonfaulty >> components connects the two end systems. [...] The >> network layer makes no attempt to keep conversations >> private. If privacy is necessary, encryption must be >> done at a higher layer. Also, the network layer need not >> certify data that it delivers. For instance, it is >> possible for some malicious node C to generate data, get >> it delivered to B, and claim that the data was from A. >> It is up to the higher layer in B to differentiate >> between corrupted or counterfeit data and real data, >> using known cryptographic techniques". > >Well, then he is *WRONG*. Authentication and privacy should be a function >of the network layer, not the application layer because it is a lot easier >to attack application layer encryption compared to lower layers. Radia is a she. Anyone who has been in this field for more than 2 years should know that even if you can't guess what tli or pst or Yakov are :-) -Hank
|