[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A Photuris variant

>Are you trying to communicate with the home's system or somebody behind that
>system (e.g., a particular user)?

Doesn't really matter. IPSP is designed for host-to-host security at
the IP level, although it may also be used in a gateway-to-gateway or
host-to-gateway mode.

Let's pick the last mode. I set up a central IPSP gateway at Qualcomm
and encourage its use by all of our many traveling employees. Then I
too go on the road with my laptop and wish to log back into my
workstation at Qualcomm to get my mail. I would much rather do this in
a way that didn't let an eavesdropper know where I am. That means not
sending in the clear anything that would identify myself to
eavesdroppers, including the credentials I must send to the IPSP
gateway to authenticate myself. With Photuris as I've specified it,
all a passive eavesdropper could tell is that *someone* on a
particular network is communicating with something inside Qualcomm;
they couldn't tell *who*.

Now it is true that if I ran IPSP on an end-to-end basis from my
laptop to my office workstation, servo.qualcomm.com, then an
eavesdropper who knew that I am the only user of that particular
workstation could reasonably infer my location from seeing servo's IP
address on the packets I generate from the road. But I could address
this problem by nesting two IPSP security associations, one between my
laptop and the end system and the other between my laptop and the
central gateway.

I've said it before and I'll say it again -- traffic analysis is
*important*. It doesn't get nearly the attention that it should in the
civilian world.