LSR and packet filters

Alex "Mr. Worf" Yuriev alex at
Sun Sep 14 07:49:44 UTC 1997

> >>   a packet transmitted between two nonfaulty end systems A
> >>   and B will have a high probability of being delivered,
> >>   provided that at least one path consisting of nonfaulty
> >>   components connects the two end systems. [...] The
> >>   network layer makes no attempt to keep conversations
> >>   private.  If privacy is necessary, encryption must be
> >>   done at a higher layer. Also, the network layer need not
> >>   certify data that it delivers.  For instance, it is
> >>   possible for some malicious node C to generate data, get
> >>   it delivered to B, and claim that the data was from A.
> >>   It is up to the higher layer in B to differentiate
> >>   between corrupted or counterfeit data and real data,
> >>   using known cryptographic techniques".
> >
> >Well, then he is *WRONG*. Authentication and privacy should be a function
> >of the network layer, not the application layer because it is a lot easier
> >to attack application layer encryption compared to lower layers.
> Radia is a she.  Anyone who has been in this field for more than 2 years
> should know that even if you can't guess what tli or pst or Yakov are :-)

Quoting Marcus Ranum: "I do not care who or what that is as long as it
makes sense". 

