Re: Bellovin's and Ashar's attacks
Ted,
Your suggestion that:
> We may need to take a step back
> and make sure we're all working from the same set of assumptions, as I'm
> not so sure that we are anymore.
is a good one. I suggest the following experiment in distributed collaborative
work. Let's try to come up with a list of requirements/goals for
IPSEC that we all can agree on. I will start the list (see below). Others
can add requirements, propose that two or more requirements are subsumed
in a more general requirement or object to requirements (and then post the
modified list with them removed - however, I propose that removing a
requirement should be supported by a well-formed argument). If this experiment
works, we should all see various versions of the list being posted and
then finally converging to a common set. There are so many ways the experiment
can fail that I will not enumerate them.
IPSEC Requirements List
-----------------------
o The IPSEC protocols should support both IPv4 and IPv6.
o The IPSEC protocols should prevent an intruder with access to resources
within a network from changing data sent between a source and destination
that use these protocols without these changes being detected.
o The IPSEC protocols should prevent an intruder with access to resources
within a network from observing data sent between a source and
destination that use these protocols, if such data is protected from
disclosure.
o The IPSEC protocols should be useable between two firewalls. However,
they provide no protection against attacks mounted from networks
or hosts located on the trusted side of either firewall.
o The IPSEC protocols should be useable between two machines. They should
counter attacks by intruders with access to both the intervening
network and as users of either machine. However, they will provide
no protection against intruders that successfully compromise either
machine.
Dan