
Re: Nodes and Users



> From: smb@research.att.com
> The syntax and certificate issues are important, but they're not what
> I'm talking about.  Here's the relevant passage from section B.1 of
> Draft 5:
> ...
>       Each party implements local policy that determines what access, if
>       any, is granted to the holder of a particular identity.
>
> In other words, an IPSP end-system has to make authorization decisions
> based on some string whose syntax and semantics are both unspecified.
>
Absolutely.  This is particularly easy, since these particular
authorized Nodes and Users are preconfigured.


> Let's look at possible ways that IPSEC can be used.  One is gateway-to-
> gateway encryption, to support private virtual networks.  In that case,
> the (decrypted) IP address of the sender may be important for authorization.
>
It is a design principle of Photuris that IP addresses are _NOT_ used
for authorization.  See page 1.


> We can also use IPSEC, and hence Photuris, for host-to-host encryption.
> Again, the receiving system needs to know the IP address of its peer,
> not just the domain name.  For that matter, when the sender tries to
> do automated Photuris negotiation, it also wants a key tied to IP
> address.  But the user wants a key tied to the DNS name, since that's
> the entity a user is dealing with.
>
It is a design feature of Photuris that IP addresses are _NOT_ tied to a
particular user identity.  See page 7.


> Finally, IPSEC can be used for user-to-user encryption.  This format
> is properly supported by the Photuris mechanisms, but only because
> the string user@domain can be treated as an opaque quantity.

Correct.  Indeed, the identity need not even be a string.  It could be
any number, such as 1234 with 12 significant bits!

As you say, it is an opaque quantity.


> there is no
> real assurance of the identity of the other party.  We may as well
> fall back to straight Diffie-Hellman, since if we don't know to whom
> we're talking, authentication matters little.
>
I surely don't understand this point.  The text is quite explicit:

    Valid Identifications and secret-keys are preconfigured by the
    parties.  [page 47 in draft -05, page 49 in draft -06]

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2