
In message <961002.235706.1R8.rnr.w165w@sendai.scytale.com>, Roy M. Silvernail writes:
> What threat model does this address?
> snooping the link
> It'd be link encryption, where the best security is found in end-to-end encryption.
Encrypting at higher levels involves a different effort/cost tradeoff that doesn't do much better at addressing the threat mentioned above. AFAIK, application-level involves modification of every app we are interested in, and network or transport level should probably best wait for IPv6. I think link-layer is best for what we need.

Come to think of it, I've never seen papers on this kind of issue, probably because I haven't looked. Anyone got any URLs/bibliorefs to a paper on the benefits of encryption or authentication at the different levels of the OSI or other network models?

Thinking about it a bit more: if you only encrypt, say, telnet, then you've got a pretty predictable plaintext stream. If you encrypt the entire link level properly, then it might be much harder to isolate the nonvariant bits of the protocols, since the port and that kind of header info is not available to the attacker at that level.
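The point about header visibility can be made concrete with a small model. The following Python is an added example, not code from the thread or from any poster: it builds constructed Ethernet/IPv4/TCP frames for a telnet session, "encrypts" everything from a chosen layer's offset onward (a keyed SHA-256 keystream stands in for a real cipher; it is only there to make bytes unreadable in the model), and then runs a passive observer that tries to recognise the session from whatever headers are still in the clear. The addresses, port numbers and payloads are constructed sample values.

```python
"""Constructed model (not from the original thread) of what a passive link
snooper still learns when encryption is applied at the link, network or
application layer. A keyed SHA-256 keystream stands in for a real cipher;
that is enough to model byte visibility and is not a cipher recommendation."""
import hashlib
import struct

KEY = b"constructed-demo-key"          # assumption: shared key, illustrative only
ETH_LEN, IP_LEN, TCP_LEN = 14, 20, 20   # fixed minimal headers in this model
LAYER_OFFSET = {                        # first byte that each layer's encryption covers
    "link": ETH_LEN,                                # everything behind the frame header
    "network": ETH_LEN + IP_LEN,                    # IP header stays visible (ESP-style)
    "application": ETH_LEN + IP_LEN + TCP_LEN,      # only the payload (encrypted telnet)
    "none": None,
}


def _keystream(n, nonce):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(KEY + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet header + minimal IPv4 header + minimal TCP header (PSH|ACK) + payload."""
    def ip4(dotted):
        return bytes(int(o) for o in dotted.split("."))
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_LEN + TCP_LEN + len(payload),
                     0, 0, 64, 6, 0, ip4(src_ip), ip4(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


def encrypt_at(frame, layer, seq):
    """Encrypt everything from the chosen layer's offset onward; seq is the per-frame nonce."""
    off = LAYER_OFFSET[layer]
    if off is None:
        return frame
    ks = _keystream(len(frame) - off, seq.to_bytes(4, "big"))
    return frame[:off] + bytes(a ^ b for a, b in zip(frame[off:], ks))


def snoop(frame):
    """What a link-level observer can parse without the key. It does not know which
    layer was encrypted, so it parses optimistically and sanity-checks each header."""
    seen = {"frame_len": len(frame)}
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", frame[ETH_LEN:ETH_LEN + IP_LEN])
    if ver_ihl == 0x45 and proto == 6:               # plausible IPv4/TCP header
        seen["src"], seen["dst"] = ".".join(map(str, src)), ".".join(map(str, dst))
        sport, dport, _, _, doff, flags = struct.unpack(
            "!HHIIBB", frame[ETH_LEN + IP_LEN:ETH_LEN + IP_LEN + 14])
        if doff == 0x50 and flags & 0x08:            # plausible TCP header: no options, PSH set
            seen["sport"], seen["dport"] = sport, dport
            seen["payload_len"] = len(frame) - LAYER_OFFSET["application"]
    return seen


def looks_like_telnet(frames):
    """Traffic-analysis guess: TCP to port 23 plus a one-byte-per-keystroke payload pattern."""
    views = [snoop(f) for f in frames]
    return (all(v.get("dport") == 23 for v in views)
            and sum(v.get("payload_len") == 1 for v in views) >= 3)


def telnet_session(layer):
    """Constructed telnet session: option negotiation (IAC DO ECHO), then keystrokes."""
    payloads = [b"\xff\xfd\x01", b"p", b"w", b"d", b"\r\n"]
    return [encrypt_at(build_frame("10.0.0.5", "10.0.0.9", 40000, 23, p), layer, i)
            for i, p in enumerate(payloads)]


if __name__ == "__main__":
    for layer in ("none", "application", "network", "link"):
        print(layer, looks_like_telnet(telnet_session(layer)), snoop(telnet_session(layer)[1]))
```

With application-layer encryption the observer still sees port 23 and the one-byte keystroke frames, so the session is identified without reading a single payload byte; with network-layer encryption the addresses remain; with link-layer encryption only the frame length survives. That last field is the caveat worth keeping in mind: lengths and timing leak at every layer unless the link layer also pads or sends cover traffic, so link encryption hides the headers but not the traffic pattern.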