Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!decvax!ucbvax!sdcsvax!mod-os
From: mod-os@sdcsvax.UUCP
Newsgroups: mod.os
Subject: network security
Message-ID: <2416@sdcsvax.UCSD.EDU>
Date: Mon, 5-Jan-87 13:34:48 EST
Article-I.D.: sdcsvax.2416
Posted: Mon Jan 5 13:34:48 1987
Date-Received: Mon, 5-Jan-87 19:20:31 EST
Sender: darrell@sdcsvax.UCSD.EDU
Lines: 24
Approved: mod-os@sdcsvax.uucp

--
From: jqj@gvax.cs.cornell.edu (J Q Johnson)
Reply-To: jqj@gvax.cs.cornell.edu.cs.cornell.edu (J Q Johnson)
Organization: Cornell Univ. CS Dept. Ithaca NY

Re: secure transmission media.

One should be careful to distinguish various possible security threats
and decide which ones one wants to address. For example, it is much
easier to prevent forgery than to prevent passive wiretapping. On an
Ethernet, the only way to prevent wiretapping is encryption of the data,
which is currently too expensive (the NBS encryption chips are generally
not fast enough to keep up with Ethernet bandwidths).

Various schemes exist for preventing forgery. Interested readers should
look at the Xerox Authentication protocol (XSIS 098404), which provides
for an Authentication server on the network and uses private-key
encryption of credentials to insure that clients and servers can trust
each other. It's a nice design -- too bad the tcp/ip community hasn't
adopted it. A similar scheme from the tcp/ip community is the SUN NFS
authentication (Goldberg & Taylor, Usenix 1986) proposal.

--
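
Added example, not part of the original post and not the actual message formats of the Xerox or Sun protocols: a generic Python sketch of the authentication-server pattern the post describes, in which a server that shares a secret key with each principal issues sealed credentials. The function names, JSON fields, constructed keys and the toy SHA-256 cipher are assumptions chosen for illustration.

```python
import hashlib, hmac, json, os, time

def _sub(key, label):                      # separate subkeys for encryption and MAC
    return hashlib.sha256(label + key).digest()

def _stream(key, nonce, n):                # toy keystream: SHA-256 in counter mode
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Toy encrypt-then-MAC, standing in for a real authenticated cipher."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(_sub(key, b"enc"), nonce, len(pt))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("bad seal")       # forged, altered, or opened with the wrong key
    pt = bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))
    return json.loads(pt)

def issue(keys, client, service, now, ttl=300):
    """Authentication server: keys maps each principal to its long-term secret."""
    session = os.urandom(32).hex()
    cred = seal(keys[service], {"client": client, "session": session, "exp": now + ttl})
    return seal(keys[client], {"session": session, "cred": cred.hex()})

def present(client, client_key, reply, now):
    """Client: recover the session key, prove possession with a fresh verifier."""
    r = unseal(client_key, reply)
    verifier = seal(bytes.fromhex(r["session"]), {"client": client, "ts": now})
    return bytes.fromhex(r["cred"]), verifier

def accept(service_key, cred_blob, verifier, now, skew=60):
    """Service: trust the name only if the credential and verifier both check out."""
    cred = unseal(service_key, cred_blob)
    if cred["exp"] < now:
        raise ValueError("credential expired")
    v = unseal(bytes.fromhex(cred["session"]), verifier)
    if v["client"] != cred["client"] or abs(now - v["ts"]) > skew:
        raise ValueError("verifier mismatch")
    return cred["client"]

# Constructed principals and keys, for illustration only.
KEYS = {"alice": os.urandom(32), "fileserver": os.urandom(32)}
```

The service never contacts the authentication server: it trusts the client name because only that server could have sealed the credential under the service's key. Nothing here hides the request data that follows, so it addresses forgery and not passive wiretapping, which is the distinction the post draws.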