Path: utzoo!attcan!uunet!cs.utexas.edu!tut.cis.ohio-state.edu!ucbvax!MIRSA.INRIA.FR!Christian.Huitema
From: Christian.Huitema@MIRSA.INRIA.FR (Christian Huitema)
Newsgroups: comp.protocols.iso
Subject: Re: Upper layers security
Message-ID: <8907031232.AA09426@jerry.inria.fr>
Date: 3 Jul 89 12:32:16 GMT
References: <17949.8906301144@vega.topexp.co.uk>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 18

Encryption should indeed be provided with the presentation service, as
the data to encrypt will have to be encoded in ASN1-BER or something
equivalent before encryption. However, the semantics of the P-protocols
don't make the provision of encryption ``as an alternative transfer
syntax'' very easy:

* there is no place to convey a key negotiation, you can only refer to
  syntaxes by their OID,
* it should be negotiated separately for each presentation context,
* and it is hard to perform the P Protocol in hardware.

I have the feeling that encryption would be better dealt with at the
transport or network layer. For example, one could place a key
negotiation within the Transport connection negotiation.

Christian Huitema