[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Some thoughts on the Chinese Net



>The more complex portion (from my perspective, at any rate) is a
>modification of the standard TCP/IP protocol, requiring that each packet
>be signed by its originating user.

That's the killer.  Signatures take a huge amount of CPU time.  Signing
each packet is not going to be cost effective.

However, they could have an authenticated key exchange and then symmetric-
encrypt each TCP/IP connection.  That can perform -- and has the nice
side effect [from the Chinese POV] of depriving the NSA of Chinese civilian
net intelligence.  As long as the key exchange is signed, everything
travelling using that key is authenticated implicitly.

+--------------------------------------------------------------------------+
|Carl M. Ellison          [email protected]   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+