[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WG last call for IPv4 AH and ESP

To: atkinson@itd.nrl.navy.mil
Subject: Re: WG last call for IPv4 AH and ESP
From: ashar@osmosys.incog.com (Ashar Aziz)
Date: Wed, 22 Feb 1995 11:39:29 -0800
Cc: ipsec@ans.net


> From ipsec-request@ans.net Wed Feb 22 05:41 PST 1995
> Ashar,
> 
>   Put your key mgmt stuff on its own UDP port and it will work fine.

I am not sure how putting a zero-message key-management protocol
on a separate UDP port helps. What will the port be used for?

>   ESP and AH do not and have never been intended to include key mgmt
> data at the IP-layer.  There is no need for such modifications and
> they would violate the design goal of keeping those specifications
> entirely independent of any specific key management protocol.  Such
> independence is critical given the long history of key management
> protocol vulnerabilities discovered long after initial public review
> (for a well known example, trace the history of Needham & Schroeder
> 1978, then Denning & Sacco 1981, then Needham & Schroeder 1981, etc.)
> The IPv6 Security Architecture document makes it explicitly clear that
> support for in-band key management is not a design goal and that
> independence from any particular key management (i.e. couple them only
> via SAIDs) is an explicit design goal.

As currently specified, the protocols are not independent of 
key-management. They assume a certain kind of key management and
preclude other kinds. I am not saying that a particular kind
of key-management should be mandated. I am saying that a particular
kind of key-management should be *permitted*.

> I believe there is in fact rough consensus in this WG that Photuris
> is the direction to take for a 'mandatory to implement' standards-track
> key mgmt protocol.  

Well I am not sure how to guage this, but this statement seems to
be inconsistent with your statements above. Namely, if even after a
long review key-management protocols can contain weaknesses, how
can the WG be assured that given the short amount of time that Photuris 
has been reviewed that it doesn't contain serious flaws?

As I recall, the Photuris draft was published the day the last 
IETF meeting began. Apart from people who may have looked at previews 
of it, the rest of the WG certainly could not have done an extensive
analysis of it for the last IETF meeting. This only then leaves
e-mail discussions, of which the only round I recall were those
that discussed vulnerabilities of the Photuris approach.

I think it would be a great disservice to this group to ramrod
a particular approach without considering all the issues, and
without a careful analysis of the various pros and cons. An 
example of the sort of issues that need to be considered is the 
example of protected ICMP messages that Dan Nessett raised.

Based on what I have seen so far on this mailing list and the various 
IETF ipsec meetings, I dont believe that the required analysis has
taken place; and it certainly hadn't taken place by the time
of the last IETF meeting, which would've the only time a rough 
consensus could have been guaged. (As it turned out, the protocol
that was presented at the IETF meeting did in fact contain serious 
weaknesses, as acknowledged by Phil).

Regards,
Ashar.

Follow-Ups:

Re: WG last call for IPv4 AH and ESP

From: Ran Atkinson <rja@bodhi.itd.nrl.navy.mil>

Prev by Date: Re: Triple DES passed ANSI X9
Next by Date: Re: WG last call for IPv4 AH and ESP
Prev by thread: Re: WG last call for IPv4 AH and ESP
Next by thread: Re: WG last call for IPv4 AH and ESP
Index(es):
- Main
- Thread