[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Some thoughts on the Chinese Net
Bill Stewart writes:
> >They could use no stock software, and they would grind every machine
> >in the country to its knees doing the signatures. RSA signatures
> >aren't cheap.
>
> Could you use IPv6 / IPSP authentication to do the job?
Yes, they could. (Its IPSEC these days, by the way).
However, again, I don't think it will do them much good, especially
since forcing people to deploy strong cryptography everywhere isn't
in their best interests. They could try only doing the AH part of the
protocol, of course, but even then, using forged, stolen, or otherwise
ingenuine credentials isn't that hard. Crypto isn't a panacea, and if
you can't trust both endpoints its hard to trust the crypto itself...
Perry