[Info-vax] "Linux Shminux - IPsec is Snake Oil!" VMS Mgmnt
Richard B. Gilbert
rgilbert88 at comcast.net
Fri Apr 10 12:36:43 EDT 2009
MetaEd wrote:
> On Apr 9, 10:30 pm, "Richard B. Gilbert" <rgilber... at comcast.net>
> wrote:
>> There are two basic reasons for using encryption: security and
>> authentication.
>>
>> Security means that you encrypt your traffic so that no one other than
>> the intended recipient can read it.
>>
>> Authentication means that you know who sent a message because he is the
>> only one who could have encrypted it using that key.
>>
>> Both situations tend to be rather rare. It's most unlikely, for
>> example, that anyone would bother to encrypt an order for eight cases of
>> Campbell's Tomato Soup!
>
> In the Internet Age the problem with your unencrypted soup order is
> Authentication. Otherwise I can terrorize you with soup you did not
> order and maybe deplete stocks that were really needed elsewhere---a
> DOS attack (Denial Of Soup).
Go ahead! Terrorize me with soup I didn't order. I won't pay for it!
I WILL make a reasonable daily charge for storing it until you come and
haul it away. And I won't release the soup until you DO pay the storage
charges. If you don't pay the storage charges I can legally sell enough
of your soup to collect those charges.
This sort of problem does not arise very often!
You will notice that, when you order something over the internet and pay
with a credit card, your browser switches from "http" to "https" while
you are entering your credit card details which means that that portion
of the transaction *is* being encrypted. The details of WHAT you order
are not usually encrypted.
More information about the Info-vax
mailing list