[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject

To: iab-retreat@isi.edu
From: karn@qualcomm.com (Phil Karn)
Date: Wed, 23 Feb 1994 14:18:59 -0800
Cc: mobile-ip@ossi.com, ipsec@ans.net

At the IAB retreat and elsewhere, several people said that
confidentiality (e.g., encryption) and authentication are separable,
orthogonal issues. This didn't sit right with me, and I think I know
why.

Although encryption and authentication may be orthogonal in a
theoretical sense, in practice this is not always true. In particular,
encryption at some lower level than end-to-end is often a highly
pragmatic substitute for end-to-end authentication. It can certainly be
easier to deploy quickly.

For example, in the terminal room at the last IETF I ran software on my
laptop that constructed an encrypted IP tunnel back to my company's
network. This let me access any machine on that network, including the
vast majority that accept only ordinary passwords, without any
passwords appearing in the clear outside the company.

Setting up a secure tunnel is easy, since only one machine back on the
company network (the other end of the tunnel) is aware of it. It
decrypts incoming packets and routes them back out to the net. The other
hosts couldn't care less.

Without encryption I would have had no real choice but to install some
form of secure end-to-end authentication (eg, S/KEY) on *every* machine
I wanted to access remotely. Of course, I could have installed S/KEY on
only one machine and then set up /etc/hosts or .rhosts entries on all
the other machines to trust the S/KEY machine, but everyone knows how
dangerous a permissive /etc/hosts file can be. (A moral here is that
simply clamping down on .rhosts files can actually *worsen* security if it
merely forces people to type their passwords in the clear over untrusted
networks that much more often.)

So I think encryption has a very important role to play in quickly
dealing with the problem of plaintext passwords on the net. And the NSA
deserves a lot of the blame for the present sorry state of internet
security; they may try to distinguish between crypto for authentication
and crypto for privacy, but the near-term practical distinction is bogus.

Phil

Follow-Ups:

No Subject

From: "Perry E. Metzger" <pmetzger@lehman.com>

Prev by Date: Re: Comments on IPSEC work
Next by Date: No Subject
Prev by thread: Re: Comments on IPSEC work
Next by thread: No Subject
Index(es):
- Main
- Thread