tech-net: Re: IP source address security issue

Subject: Re: IP source address security issue
To: Charles M. Hannum <mycroft@ai.mit.edu>
From: Bill Sommerfeld <sommerfeld@orchard.medford.ma.us>
List: tech-net
Date: 01/28/1995 10:31:02

> It's not just overkill.  It's an unnecessary performance hit.

Whether it's necessary or not depends on whether you need good random
numbers.  If you're using cryptography in the system, you need good
random numbers -- and you may be willing to trade a dozen extra
instructions on each interrupt for good random numbers.

>    However, when NetBSD eventually
>    supports IP-layer security, it would be somewhat more useful.
> 
> What, pray tell, does `IP-layer security' *mean*?

Encryption and integrity protection of IP packets.

See the internet drafts of the IPSEC IETF working group and the
draft-metzger-* drafts, who wrote some of them..

					- Bill