Great Circle Associates Firewalls
(June 1994)
 


Subject: Re: Firewalls Digest V3 #198
From: dcrocker @ mordor . stanford . edu (Dave Crocker)
Date: Wed, 22 Jun 1994 09:55:02 -0700
To: brian @ lloyd . com (Brian Lloyd)
Cc: Firewalls @ GreatCircle . COM

To reiterate a point made earlier:  There is a choice in placing the
security mechanisms in the protocol(s) that move the object(s) or in the
objects themselves.  PEM, PGP, RIPEM work on the email object.  Ident,
Kerberos, port checking work on the protocol.  Essentially, working on the
object means you get to ignore any concerns about intervening nodes.
Working on the protocol means that you need to establish a trust
relationship among all of the participating nodes and, therefore, to know
ahead of time, a fair amount about the range of nodes.

Protecting the objects seems a much, much preferable approach, where it is
reasonable to do.  (E.g., I wouldn't suggest it for Telnet.)


Dave

+1 408 246 8253  (fax:  +1 408 249 6205)
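
An added illustration of the trade-off described in the message above (not part of the original post): a message crosses store-and-forward relays and the recipient applies both a protocol-level check (is every hop a known, trusted node?) and an object-level check (does the message still match its integrity tag?). HMAC with a shared key stands in here for the signatures PEM, PGP or RIPEM would apply; the key, relay names and message text are constructed for the example.

```python
import hashlib
import hmac

KEY = b"constructed-shared-key"        # assumption: agreed out of band by sender and recipient
TRUSTED_HOPS = {"relay-a", "relay-b"}  # assumption: nodes the recipient knows ahead of time

def _tag(body: bytes) -> str:
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def seal(body: bytes) -> dict:
    """Object-level protection: the tag travels with the message itself."""
    return {"body": body, "tag": _tag(body), "path": []}

def relay(msg: dict, name: str, rewrite=None) -> dict:
    """One intervening node; a misbehaving node may rewrite the body."""
    out = dict(msg, path=msg["path"] + [name])
    if rewrite is not None:
        out["body"] = rewrite(msg["body"])
    return out

def protocol_check(msg: dict) -> bool:
    """Protocol-level protection: every hop must be a node we already trust."""
    return all(hop in TRUSTED_HOPS for hop in msg["path"])

def object_check(msg: dict) -> bool:
    """Object-level verification: independent of which nodes carried the message."""
    return hmac.compare_digest(_tag(msg["body"]), msg["tag"])

def scenarios() -> dict:
    original = seal(b"Pay invoice 1001")
    cases = {
        # Unmodified message over trusted relays.
        "honest": relay(relay(original, "relay-a"), "relay-b"),
        # A trusted relay alters the body: the hop check cannot see it.
        "trusted_hop_alters": relay(relay(original, "relay-a"), "relay-b",
                                    rewrite=lambda b: b.replace(b"1001", b"9999")),
        # Unmodified message over a relay nobody registered in advance.
        "unknown_hop": relay(relay(original, "relay-a"), "relay-x"),
    }
    return {name: (protocol_check(m), object_check(m)) for name, m in cases.items()}

if __name__ == "__main__":
    for name, (proto_ok, obj_ok) in scenarios().items():
        print(f"{name:20s} protocol_check={proto_ok!s:5s} object_check={obj_ok}")
```

The second case shows why the protocol approach needs trust in every participating node, and the third shows why the object approach does not need to know the nodes at all.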


