- From: Jacob Palme <jpalme@dsv.su.se>
- Date: Mon, 26 Jul 1999 11:01:42 +0200
- To: discuss@apps.ietf.org
- Cc: smb@research.att.com
At 20.44 -0700 99-07-21, Paul Hoffman / IMC wrote:
>This list might be interested in draft-iab-secmech-01.txt. It
>describes the applicability of various IETF security mechanisms to
>various situations, including applications. Steve Bellovin says he
>hasn't gotten much comment on it and wants to go to last call soon,
>so you should review it soon and let him know if you have any
>changes or desired additions.

The document, like many other security documents, tells too much about what will not work, too little on what will work. It seems as if security experts are better at telling you that something is dangerous or might not be secure, than telling you how to get security. I would prefer to get more practical advice with recommendations on how to get the security you want. This may be a reason why security techniques have so much trouble getting accepted and used.

I was interested to note the warnings against MD5, since MD5 is so popular. But why not tell us what we should use instead of MD5, instead of just saying that MD5 has security risks.

There was no mention of the export restriction problem with encryption tools. Is this not a major problem? How can you resolve it?

------------------------------------------------------------------------

Jacob Palme <jpalme@dsv.su.se> (Stockholm University and KTH)
for more info see URL: http://www.dsv.su.se/~jpalme

Received on Monday, 26 July 1999 05:07:24 UTC