List:       ietf-saag
Subject:    Re:  Internet-Drafts@ietf.org: I-D ACTION:draft-rfced-info-ryckman-00.txt
From:       der Mouse <mouse () Holo ! Rodents ! Montreal ! QC ! CA>
Date:       1997-01-08 18:00:31

[Wow, this list _does_ get some traffic after all!  I was beginning to
wonder. :-]

[From Perry]
> Maybe we ought to comment on certain aspects of this before it
> becomes an RFC.

[The draft in question]
>        Filename  : draft-rfced-info-ryckman-00.txt

> This document suggests a method for delivering alarm information over
> the Internet.  All communication shall use an encryption algorithm
> for transmission of the data.  [...]

> Due to the required security of the data being transmitted, the
> encryption algorithm used will only be released on a need to know
> basis to software developers in the Alarm/Security Industry.  A
> non-disclosure agreement will be required.

This is a very bad idea.  It sounds like someone who doesn't know
anything about cryptography inventing an encryption algorithm and
depending on secrecy of the algorithm, rather than secrecy of the keys,
for security.

It also means that the resulting spec would be insufficient to produce
an implementation, since it would not contain enough details to get the
"encryption" right (I put the term in quotes because as I implied
above, I suspect the algorithm they wish to use is so weak as to hardly
deserve the name).

The draft also says that "normal Email" could be used, except that it
"would not provide immediate notification of receipt" and "would open
the system up to tampering from external sources".  The former can be
addressed trivially with a return email message; the latter can be
addressed most obviously by encrypting the body of the email, or even
just signing it with PGP or its moral equivalent.

By the way, being new to this process...is the saag list the
appropriate forum for comments such as these, or should I send them
somewhere else?  It's not clear from skimming the draft where comments
should go.

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
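
Added example (not part of the original message or of the draft it discusses): a sketch of the two fixes suggested above, a return message as the receipt and an integrity tag on the body, built on a published algorithm so that security rests on the key alone. It uses HMAC-SHA256 with a shared key as a symmetric stand-in for a PGP signature; the field names, site ID and event text are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets


def seal(key, payload):
    """Tag a canonical JSON encoding of payload with HMAC-SHA256."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def open_sealed(key, msg):
    """Return the payload if the tag verifies under key, else None."""
    expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):  # constant-time compare
        return None
    return json.loads(msg["body"])


def make_alarm(key, site, event):
    """Sender side: build a tagged alarm; the nonce ties the receipt to it."""
    nonce = secrets.token_hex(16)
    alarm = {"type": "alarm", "site": site, "event": event, "nonce": nonce}
    return nonce, seal(key, alarm)


class Receiver:
    """Monitoring-station side: verify, reject replays, return a tagged receipt."""

    def __init__(self, key):
        self.key = key
        self.seen = set()

    def handle(self, msg):
        alarm = open_sealed(self.key, msg)
        if alarm is None or alarm.get("type") != "alarm":
            return None  # tampered, wrong key, or not an alarm
        if alarm["nonce"] in self.seen:
            return None  # replayed copy of an earlier alarm
        self.seen.add(alarm["nonce"])
        return seal(self.key, {"type": "ack", "nonce": alarm["nonce"]})


def ack_matches(key, ack_msg, nonce):
    """Sender side: accept only a verified receipt for this exact alarm."""
    ack = open_sealed(key, ack_msg)
    return ack is not None and ack.get("type") == "ack" and ack.get("nonce") == nonce
```

The tag gives tamper detection and origin authentication only; confidentiality of the body would need encryption on top, as the message notes.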
