
Layer 1 encryption doesn’t involve message integrity.



That's a weird assertion, but okay.

My only point was that by the modern standards we take for granted, OTP/XOR is not really a cryptosystem but better thought of as a primitive. IMO for those just learning crypto, it's a red herring that hides the core functionality of modern cryptography (see: the common amateur reinvention of using a PRNG as an OTP).

My answer to your main question is because encrypting layer 1 adds negligible security properties to the whole system (can't tap that link, but you can tap anywhere else), everything should already be encrypted at a higher level (for the previous reason, as well as integrity/authorization/etc), and that the bandwidth is too high (the entire point of packet-switched networks is to do as little as possible in each node).

Applied to the existing Internet, the only thing it would gain is hiding addressing metadata from an attacker who directly taps a link.

A more effective general way of doing this would be something like onion source routing, where each router only knows the next hop. But once again the scalability problem, so the desire is better applied to an overlay network rather than convincing backbone providers to take this on - there is barely the impetus for IPv6.
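
The integrity gap discussed in the comment above, as an added example that is not part of the original thread: a bare XOR pad lets anyone who can alter the ciphertext rewrite a known plaintext field without the pad, while an encrypt-then-MAC wrapper rejects the same change. The function names, the sample message and the choice of HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size


def xor(data: bytes, pad: bytes) -> bytes:
    """XOR data with a pad at least as long as the data (the OTP primitive)."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message")
    return bytes(d ^ p for d, p in zip(data, pad))


def rewrite_field(ct: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Modify ciphertext with no key: c' = c XOR known XOR wanted."""
    if len(known) != len(wanted):
        raise ValueError("field lengths differ")
    out = bytearray(ct)
    for i, delta in enumerate(xor(known, wanted)):
        out[offset + i] ^= delta
    return bytes(out)


def seal(msg: bytes, pad: bytes, mac_key: bytes) -> bytes:
    """Encrypt-then-MAC: XOR for confidentiality, HMAC over the ciphertext."""
    ct = xor(msg, pad)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(blob: bytes, pad: bytes, mac_key: bytes):
    """Return the plaintext, or None if the tag does not verify."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor(ct, pad)


def demo():
    msg = b"PAY 0100 TO ALICE"  # constructed sample message
    pad = secrets.token_bytes(len(msg))
    mac_key = secrets.token_bytes(32)
    # Bare XOR: the altered ciphertext decrypts cleanly to a different message.
    bare = xor(rewrite_field(xor(msg, pad), 4, b"0100", b"9999"), pad)
    # With a MAC: the untouched blob opens, the altered one is rejected.
    sealed = seal(msg, pad, mac_key)
    altered = rewrite_field(sealed, 4, b"0100", b"9999")
    return bare, open_sealed(sealed, pad, mac_key), open_sealed(altered, pad, mac_key)
```
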



