Re: IPSEC requirements



>If we could only get authentication widely deployed, we won't need
>firewalls anymore.

	Unfortunately, this is dead wrong.

	If folks start relying merely on IP-level authentication
and encryption, then you'll very quickly see hackers posting
exploit scripts that let you slam kernel variables around to
cross-wire file descriptors and steal those nice, established,
end-to-end authenticated connections. They could do it now,
but they don't because other attacks are just so much easier.
The issues of maintaining a common security perimeter are
real toughies.

	I'm afraid the net will be stuck with firewalls forever.
That's because there's got to be something to enforce a trust
boundary, and it has to be under local control. That means I'm
not going to trust a component of your system to enforce my
trust boundary. No way, ever. All this stuff is going to give
us better and different and more interesting firewalls, but
I'll be really surprised if I see them vanishing. They'll look
different, but they'll still be there.

	[This is why I'm really interested in link-level
encryption *only* with a degree of tamper-proofing. All this
other authentication nonsense is not going to solve any of
the problems I think folks think it will solve. It's going
to push them a little deeper, but they'll still be there.
Distributing trust is a tricky problem that's not solvable
by mere network-level encryption, tamper-proofing, or
authentication.]

mjr.