The Internet Protocol, the backbone of the Internet, is not a secure protocol. Although you can use an IP network securely, you need to apply cryptography on top of the IP network—in your application, for example.
You should assume that every piece of data that you send or receive over a network can be observed, recorded, and replayed by an attacker. Likewise, don’t trust any network traffic you receive without cryptographic authentication as proof of identity. I get chills down my spine every time I use ftp or telnet. Those applications still accept a password, in plaintext, as authentication. As we discussed in Chapter 6, it’s a bad idea to send a password over the network.
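The advice above, that traffic can be recorded and replayed and should not be trusted without cryptographic authentication, can be made concrete with a short sketch. This is an added example, not code from the book: the class name `AuthenticatedFrames`, the frame layout, and the pre-shared key are assumptions, and it provides authentication and replay rejection only, not confidentiality.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class AuthenticatedFrames {
    private static final int TAG_LEN = 32; // HMAC-SHA256 output size

    // Frame layout (constructed for this example): 8-byte sequence number | payload | 32-byte tag
    static byte[] seal(byte[] key, long seq, byte[] payload) throws Exception {
        ByteBuffer body = ByteBuffer.allocate(8 + payload.length).putLong(seq).put(payload);
        byte[] tag = hmac(key, body.array());
        return ByteBuffer.allocate(body.capacity() + TAG_LEN).put(body.array()).put(tag).array();
    }

    // Receiver state: highest sequence number accepted so far.
    private long lastSeq = -1;

    byte[] open(byte[] key, byte[] frame) throws Exception {
        if (frame.length < 8 + TAG_LEN) throw new SecurityException("frame too short");
        byte[] body = Arrays.copyOfRange(frame, 0, frame.length - TAG_LEN);
        byte[] tag = Arrays.copyOfRange(frame, frame.length - TAG_LEN, frame.length);
        // Verify the tag before trusting any field; isEqual compares in constant time.
        if (!MessageDigest.isEqual(tag, hmac(key, body))) throw new SecurityException("bad tag");
        long seq = ByteBuffer.wrap(body).getLong();
        // A recorded frame carries a valid tag, so only the sequence check stops a replay.
        if (seq <= lastSeq) throw new SecurityException("replayed or stale frame");
        lastSeq = seq;
        return Arrays.copyOfRange(body, 8, body.length);
    }

    static byte[] hmac(byte[] key, byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key); // stands in for a key both peers already share
        AuthenticatedFrames receiver = new AuthenticatedFrames();
        byte[] frame = seal(key, 1, "transfer 10".getBytes(StandardCharsets.UTF_8)); // constructed sample
        System.out.println(new String(receiver.open(key, frame), StandardCharsets.UTF_8));
        try { receiver.open(key, frame); } catch (SecurityException e) { System.out.println("second copy: " + e.getMessage()); }
        byte[] modified = seal(key, 2, "transfer 10".getBytes(StandardCharsets.UTF_8));
        modified[10] ^= 1; // one payload bit changed in transit
        try { receiver.open(key, modified); } catch (SecurityException e) { System.out.println("modified: " + e.getMessage()); }
    }
}
```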
IPng (IP next generation) is a new protocol that can provide authentication and privacy at the protocol layer. If you’d like to read more, see http://playground.sun.com/pub/ipng/html/ipng-main.html.
SafeTalk and CipherMail, presented in Chapter 10 and Chapter 11, show how you can use cryptography to provide authentication and confidentiality in networked Java applications. Even these applications, however, have some interesting shortcomings. Take SafeTalk, for example. Even though it conceals the contents of a conversation, it can’t conceal the existence of the conversation. Even if your enemies can’t understand what you and your friends are chatting about, you might not want your enemies to know that you’re even talking. CipherMail has the same property: Even though the contents of your ...