what security do we need?

[Steve Kent <kent@BBN.COM>]

Paul,


>Do you contend that remote login is such a case?  To add to the list
>of people "helping" Phil to define his point, a fully-encrypted tunnel
>rlogin provides an easy-to-grasp level of security.

Any procedure that includes rlogin is already suspect in terms of
security :-).

In part, the question is where does the encryption start and end?  If
it starts at a firewall from my site and ends at a firewall at your
site, then any security breech within either site is capable of
capturing passwords that are protected along the path between our
sites.  If the path is at the end points, then Phil's argument does
not apply, because he argued against the administrative overhead of
per-host administration of the parameters required for end-to-end
authentication, which are essentially the same as those required for
end-to-end encryption.

>One can then read mail without outside observers.

Yes, but who is outside?  PEM or other email secuity technology
addresses the email reading problem, providing protection even against
nosey LAN administrators.

>One can then download and upload files without exposure.

Yes, and if the files need to be proceted against disclosure
encryption is the right answer.  But where have those files been?  if
the provenance of the files is important, a digital signature facility
for the files might be the best technique, irrespective of the use of
crypto for confidentiality.

>One can use the tunneled-to firewall to allow further logins with
>passwords in the clear but no exposure outside the firewall.

Yes, but opportunities exist for password snatching within the local
environment and they would probably be exploited by attackers if we
choose to emphasize layer 3 encryption over, lets say, use of S-Key
and analogous challange-response schemes.

>Integrity, authentication, and the rest are all nice adjuncts, but are
>aimed at attacks that are active, and hence more detectable.

I disagree, in part.  Bind-time authentication is the basis for access
control to hosts, net resources, etc.  Continuous authentication
protects against active attacks.  As you note, active attacks are
easier to detect, but detection is not the same as prevention, as
anyone whose house has been robbed will tell you.  

>Its hard to avoid the impression that attempts to sell users on
>various types of security without privacy on technical grounds are
>really trojan horses for policy issues.

Come now, Paul, don't turn into a conspiracy theorist.  I've been
building network layer encryption systems (ones that focused on
encryption rather than authentication) for over 15 years.  Some worked
end-to-end, while others acted at what you would consider to be
firewall boundaries.  The first ones I built used DES.  I think I
understand the advantages of each approach, and I am sensitive to the
concerns of vendors who want to be able to ship products overseas with
minimum hassle.

	If we take an all-or-nothing approach, by emphasizing
encryption over more exportable forms of crypto, then we run a risk of
substantial delay if export controls are not loosened, or we encourage
people to use weak (or escrowed) crypto algortihms than can be easily
exported.  Getting layer 3 crypto into operating systems is not a task
easily effected by users, in contrast to applications like email that
tend to reside outside of OS boundaries.  It requires lots of vendor
cooperation to cause this to happen.  If vendors are concerned about
the exportability of products with good encryption ...

Steve

---

• Prev by Date: Re: swIPe stuff
• Next by Date: Re: swIPe stuff
• Prev by thread: Re: swIPe stuff
• Next by thread: Encryption flamefest
• Index(es):
  • Main
  • Thread