[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ESP Unix encrypted session protocol software



At 10:02 AM 1/30/95, Matt Blaze wrote:
....>As for the alternatives, I think the picture is pretty bleak, to tell
>the truth.  The cryptographically sound way to prevent spoofing is
>with authentication of the agreed key.  But for the remote host to
>authenticate itself, it has to have a secret signature key.  Where to
>store it?  A typical machine, especially a multi-user, unattended server
>simply has no safe place to store keys.
....
There would be on a secure "multi-user, unattended server". They are not
easy to come by and they arn't really Unix. I don't get on my soap box very
often but I couldn't resist your execelent opportunity. I think that
security requires good crypto and good OS security. There are Orange book
rated systems that are rated to run hostile software in the same machine
with Top Secret information.