[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A Photuris variant



Phil,

In your example below there is no reason for the mobile user not to
carry the workstation's public key in his laptop.
In that case, my solution works fine (without requiring a first
unauthenticated DH exchange).

Of course, in some cases a user (even a non-mobile one) will need to
find a PK that is not available to her. The level of protection
for such a query will depend on where and from whom you are getting
that information. For example, in the case of a DNS query, an
eavesdropper can find out whose PK you are requesting, regardless
of the key management protocol you use.

I agree that in some cases, having a DH exchange first may help.
That option may be easily added to my proposal.
However, I would prefer to avoid non-typical cases from dictating
the form of the default protocol.

Now, if the need for DH first is "more typical" than I believe
we can modify the (basic) protocol in that way.

Hugo

----------------------------- Note follows ------------------------------

>Are you trying to communicate with the home's system or somebody behind that
>system (e.g., a particular user)?

Doesn't really matter. IPSP is designed for host-to-host security at
the IP level, although it may also be used in a gateway-to-gateway or
host-to-gateway mode.

Let's pick the last mode. I set up a central IPSP gateway at Qualcomm
and encourage its use by all of our many traveling employees. Then I
too go on the road with my laptop and wish to log back into my
workstation at Qualcomm to get my mail. I would much rather do this in
a way that didn't let an eavesdropper know where I am. That means not
sending in the clear anything that would identify myself to
eavesdroppers, including the credentials I must send to the IPSP
gateway to authenticate myself. With Photuris as I've specified it,
all a passive eavesdropper could tell is that *someone* on a
particular network is communicating with something inside Qualcomm;
they couldn't tell *who*.

Now it is true that if I ran IPSP on an end-to-end basis from my
laptop to my office workstation, servo.qualcomm.com, then an
eavesdropper who knew that I am the only user of that particular
workstation could reasonably infer my location from seeing servo's IP
address on the packets I generate from the road. But I could address
this problem by nesting two IPSP security associations, one between my
laptop and the end system and the other between my laptop and the
central gateway.

I've said it before and I'll say it again -- traffic analysis is
*important*. It doesn't get nearly the attention that it should in the
civilian world.

Phil