> Applications can gain a lot of security by building on top of a lower > layer secure communication substrate, such as that provided by IPsec > or TLS. Such substrates allow the application developer to make > assumptions about the security of the basic communication path, and > have these assumptions be valid. Precisely the sorts of things you > are citing as "bad" can be addressed in this way. Fancier > application security requires some level of customization, perhaps in > an application-specific fashion, as you noted. I beg to differ. Few applications can use IPsec or TLS authentication as-is. A few more can get away with using username/password schemes on top of IPsec or TLS privacy. But neither IPsec nor TLS is anything resembling a generally applicable authentication solution. Keith
- Re: recommendation against pu... Valdis . Kletnieks
- Re: recommendation against pu... Daniel Senie
- Re: recommendation against pu... Dennis Glatting
- Re: recommendation against pu... Theodore Y. Ts'o
- Re: recommendation against publication... Keith Moore
- Re: recommendation against public... Stephen Kent
- Re: recommendation against pu... Keith Moore
- Re: recommendation against pu... Stephen Kent
- Re: recommendation against publication of draf... Keith Moore
- Re: recommendation against publication of ... Stephen Kent
- Re: recommendation against publication... Keith Moore
- Re: recommendation against publication of draft-ce... Peter Deutsch
- Re: recommendation against publication of draf... Keith Moore
- Re: recommendation against publication of ... Theodore Y. Ts'o
- Re: recommendation against publication of ... Peter Deutsch
- Re: recommendation against publication... Keith Moore
- Re: recommendation against publication of draf... Bill Sommerfeld
- Re: recommendation against publication of ... Patrik Fältström
- Re: recommendation against publication of draft-cerpa-n... Vernon Schryver
- Re: recommendation against publication of draft-ce... Valdis . Kletnieks
- Re: recommendation against publication of draft-cerpa-n... Vernon Schryver