[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bellovin's attack and others like it
I think that just because there might be a solution to the
specific attack suggested by Steve doesn't mean that this
solution is general enough for all attacks, as pointed out
by Dan Nessett. Thus, I agree that requiring an integrity
check on all encrypted data is a must.
On another note, I think it is vital to include all types
of key management schemes for IPSEC. For example, if I
already have an installed Kerberos base in my organization,
and I want to use it for key management for IP, there should
be nothing in the standard keeping me from doing this.
Now, I have a totally different question. At the IETF in
Danvers, I asked many people that are implementing key
management, how do you do key management over IP when your
policy indicates that all IP traffic must be encrypted?
The answer I got from everyone is that you somehow mark
the key management packets so that they are allowed. Doesn't
that violate the independence of the layers in the network?
If I can mark packets as regular IP or key management IP,
where do I do this marking? In the kernel? Nobody I talked
to has actually implemented key management, encapsulation
and a policy. Shouldn't there be something in the standard
that mandates or recommends how to achieve all three?
Avi Rubin
*********************************************************************
Aviel D. Rubin Email: rubin@faline.bellcore.com
Bellcore (MRE-2M354) ftp://thumper.bellcore.com/pub/rubin/rubin.html
445 South St.
Morristown, NJ 07960 Voice: +1 201 829 4105
USA FAX: +1 201 829 2645
Follow-Ups: