
Re: IPSEC requirements



-----BEGIN PRIVACY-ENHANCED MESSAGE-----

> 
> >The trust boundary is the trusted machine.
> >I don't care about unsecure machines.  Let them die.
> 
> 	That's exactly what I mean.
> 
> 	If the trust boundary is your trusted machine, you can't
> assume that data from an untrusted machine is authentic. Even if
> it's authenticated and has the IP security stamp of approval.
> After all, if it's an unsecure machine, it should be trivial
> for an attacker to pretend to be an authorized user on your
> machine. So your machine can't trust it, and you've gone and
> built a firewall *EXACTLY* like the ones that are out there
> today, where the only machines that trust each other are the
> ones you own.

Marcus, your basic point that you must trust the remote systems with which
you are authenticating is correct.  But network level security buys us
far more than we get with today's firewalls.  With today's firewalls you can 
only build a defense perimeter around those hosts that have direct physical
connections over those LANs/WANs that YOU directly control, and over which
you can guarantee absolute physical security.

With cryptographic protection at the network level providing peer-host
authentication, data integrity and data confidentiality, you can extend
your defense perimeter out over the unprotected networks to encompass
all of those machines that you control or trust, wherever they may
be.  This is a big win for any organization, or for any distributed service
that spans more than a single LAN.

Charles Watt
SecureWare, Inc.

-----END PRIVACY-ENHANCED MESSAGE-----

