--On Monday, June 8, 2020 19:39 -0700 Christian Huitema <huitema@xxxxxxxxxxx> wrote: > >> On Jun 8, 2020, at 7:18 PM, John C Klensin >> <john-ietf@xxxxxxx> wrote: >> >> Yet, unless I have completely >> misunderstood, much of the conversation has been about methods >> that were designed for privacy protection using encryption >> with integrity protection being nothing but a necessary >> side-effect. > > Encryption without authentication is subject to a variety of > attacks such as truncating messages, splicing them, or > changing the encrypted text. That's why most modern encryption > systems provide authentication at the same time as encryption. > So it is much more than "a side effect"... Christian, Perhaps a poor choice of words. While it feels to me as if we are quibbling about fine points of terminology, most likely I'm missing something important, so let me try again, noting your "most" and skipping over the question as to whether "integrity protection" and "authentication" are the same thing and using more words than many people seem to prefer. Because integrity protection comes with most modern encryption systems, there are two ways to approach integrity protection for data transmission. One is to encrypt the transmission, thereby getting the benefits of the associated integrity protection as well as privacy protection. The other is to concentrate on integrity protection methods that leave the transmission payload in clear (at least as far as the data transmission system is concerned [1]). Historical experience going back centuries indicates that, from time to time, some governments --often driven by law enforcement or national security agencies and considerations -- have become anxious about encryption methods strong enough to impede their access to the encrypted data. Their proposed mechanisms for dealing with those concerns have including laws and regulations requiring parties with access to the cleartext versions of those data on request, government-accessible backdoors into encryption technologies, government access to decryption keys, and outright bans on the use of strong encryption at least under selected circumstances or by selected parties. Demands for access to encrypted data or restrictions on the use of encryption have occurred in several countries in recent years. Even while resisting such demands as hostile to, among other things, personal privacy and secure commercial transactions over communications networks, it is sensible for us to make thoughtful and considered decisions about network design that include, at least, fallback strategies against the possibility of bans or several restrictions on cryptography that would affect non-trivial portions of the Internet. By contrast, mechanisms that merely provide integrity protection without resort to encryption have never faced the same level of government scrutiny as encryption. Is that better? thanks, john [1] Information encrypted prior to transmission and decrypted only subsequent to receipt are not discussed here.
