17 Dec
2003
17 Dec
'03
11:17 p.m.
Bill Stewart writes:
They could use no stock software, and they would grind every machine in the country to its knees doing the signatures. RSA signatures aren't cheap.
Could you use IPv6 / IPSP authentication to do the job?
Yes, they could. (Its IPSEC these days, by the way). However, again, I don't think it will do them much good, especially since forcing people to deploy strong cryptography everywhere isn't in their best interests. They could try only doing the AH part of the protocol, of course, but even then, using forged, stolen, or otherwise ingenuine credentials isn't that hard. Crypto isn't a panacea, and if you can't trust both endpoints its hard to trust the crypto itself... Perry