
Re: Human I&A, IPsec, and their non-relationship



Ran Atkinson says:
> I am glad we agree that application I&A is outside the scope of this
> effort.

(:-)

> I disagree that per-userid-keying is not useful.
> One widely used example is the problem of mutually suspicious users
> (Alice, Bob) on some host X where none of those users has special
> privileges (in UNIX terms, none of them are root).  In such a case
> when per-userid-keying is not provided, then user Alice can create
> arbitrary plaintext/ciphertext pairs between its host and another host
> Y in order to assist in Alice's cryptanalysis to determine what data
> Bob is sending to someone on host Y that Bob does not want Alice to
> know about.

So what? A trivial case of chosen plaintext attack? What's the big
deal about it?  Aren't you going to require your algorithms be at
least chosen-plaintext-attack secure?

Also, in addition to that, not-brain-dead hosts would probably
update the keys before the amount of traffic encrypted by them
allows anything bad to happen.

> Using a separate key per userid will entirely preclude that attack
> strategy.

Again, this is only to secure host-to-host communications.  It's
more than likely that security-cautious higher levels will have
their *own* authentication and protection. For surely no sane
application is going to trust user A from host B just because
IP layer says so?


> That does not make per-userid-keying useless even for the low
> assurance implementations.  Contrariwise it means that the separation
> between users that is provided by the network has similar assurance
> characteristics to the separation between users provided by the
> operating system.

But... If I can break it at system/host level, I don't need to bother
with the network level at all. And if I can't break it on host level,
then it's VERY UNLIKELY I'd be able to get anything from network... No?

> I am not suggesting per-userid-keying primarily for use in
> application-layer I&A and I am not suggesting any particular approach
> to application-layer I&A.

Yes. But still, what are the goals/reasons for supporting
per-application SAIDs/keys? If only preventing chosen
plaintext attacks, I'd say - who cares.
--
Regards,
Uri         uri@watson.ibm.com      N2RIU
-----------
<Disclaimer>


