By the way, I'm very disappointed that this sort of topic doesn't come up here more often. I perceive that it may be because lots of people on this list are cyphergroupies and not actually tuned in to the technical issues of securing every-day communication. Futplex writes:
Could someone say a bit more about the perceived difficulties associated with secure network routing protocols ? TIA. ^^^^????
I am not at all optimistic about defeating DoS attacks....
The people building the new routing protocols (BGP, OSPF, etc) have included cryptographic security provisions in them that will work regardless of whether IPSEC is available. Some of these have to be hand configured but thats not actually a problem since peering in many of these systems has to be hand configured in the first place. I had a long talk with the Area Director for routing and such in the bar at the last IETF meeting and he gave me the impression the routing people are acutely aware of the problem and hope to assure that it disappears with time. Given cryptographic security on the routing packets, denial of service attacks directed against routing become hard. Photuris has built in protection against denial of service against it, by the way. With luck, we will be down to dealing with very crude denial of service attacks like packet flooding and hopefully we can come up with reasonable mechanisms to stop them in the ordinary case. Perry PS Again, I strongly encourage people to get involved in the efforts to secure the internet with IPSEC, MOSS and similar things. WE NEED YOU!