[3488] in cryptography@c2.net mail archive
The IAB: IAB statement on "private doorbell" encryption
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Fri Oct 16 11:58:45 1998
To: cryptography@c2.net
Date: Fri, 16 Oct 1998 11:36:48 -0400
From: "Perry E. Metzger" <perry@piermont.com>
--Multipart_Fri_Oct_16_11:36:47_1998-1
Content-Type: text/plain; charset=US-ASCII
I thought this would be of interest.
--Multipart_Fri_Oct_16_11:36:47_1998-1
Content-Type: message/rfc822
To: IETF-Announce: ;
Subject: IAB statement on "private doorbell" encryption
From: The IAB <iab@ietf.org>
Date: Thu, 15 Oct 1998 10:35:10 -0400
The IAB and IESG are concerned by published descriptions of the
"private doorbell" approach to resolving the encryption controversy.
Essentially, the private doorbell requires that encryption and
decryption be done at a gateway, rather than at an end system; see
http://www.cisco.com/warp/public/779/govtaff/policy/paper/paper_index.html
for one description. This is in conflict with the "end-to-end"
principle, a fundamental tenet of the Internet architecture. While
there is certainly a place for gateway-based encryption in some
circumstances, to require it in all places (and to exclude end-to-end
encryption) would warp the protocol structure. Furthermore, it
offers a significantly lower level of security, in that there is
no longer protection against inside attacks, which by all accounts
are a serious threat.
In addition, putting all security at the gateway ignores the need
for different levels of protection in different situations. For
some applications, encryption to the gateway may suffice. Others
may require encryption and cryptographic authentication of the
individual machine or even user. Should a strong encryption
algorithm be used, or a very efficient one? It is very difficult
to make these decisions anywhere but the end-system. But the
"private doorbell" scheme would block deployment of such fine-grained
protection.
--Multipart_Fri_Oct_16_11:36:47_1998-1--
