SMBs "Problem Areas for the IP Security Protocols"--where do we go from here?
- To: ipsec@ans.net
- Subject: SMBs "Problem Areas for the IP Security Protocols"--where do we go from here?
- From: "marcus (m.d.) leech" <mleech@bnr.ca>
- Date: Fri, 22 Mar 1996 10:46:00 -0500
- Organization: Nortel Technologies, System Security Services
- Sender: ipsec-request@neptune.tis.com
-----BEGIN PGP SIGNED MESSAGE-----
Having read Steve Bellovin's thoughtful paper, I'm not as depressed as I
could be.

Some things become clear after reading the paper:

    If you care about confidentiality, then you must also care about
    integrity/authenticity.

    Replay is definitely a problem, particularly in light of UDP socket re-use.
    Because of this, replay protection would need to be built into all three
    of AH only, ESP only, AH+ESP.

    It's likely that a combined ESP transform that provides all three of:

        Confidentiality
        Integrity/Authenticity
        Replay protection

    Would be a useful thing for us to do as a WG. Jim Hughes' document
    is almost there, except for unkeyed MD5.

Bill Simpson has an all-in-one document that, at least superficially,
seems OK. I haven't seen any discussion of his document, I suspect due
to censure by the WG chairs.

Ran had said that Photuris, as it stands now, does not address all of the
requirements of a key-management protocol for endorsement by the
IETF. I'd like Ran to review his perceptions of what those requirements are.
I know that I'm no longer clear on what the "hard" requirements are,
and I believe that there is some confusion about those requirements.

In view of Steve Bellovin's recent paper, a new requirement has emerged of
a "special case" of rapid-rekey in that a block of SPIs (and associated
keying material) could potentially be negotiated in a single key management
exchange. This seems to me to be a useful model to investigate; particularly
in those situations where a given host may need to rapidly establish
security associations to a number of other hosts, but security requirements
indicate that per-connection/session keying is desirable.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQBVAwUBMVLLNap9EtiCAjydAQEZvAH9GcI7zjTwTpxzPFUlztyqsYma5S6DaozP
rPoU2pc5voD44NpNmWn055W5WSty37KFQCon+eH9tdE6tNfkzAlYQQ==
=+NA0
-----END PGP SIGNATURE-----
--
----------------------------------------------------------------------
Marcus Leech Mail: Dept 4C16, MS 238, CAR
Systems Security Architect Phone : (ESN) 395-4901 (613) 763-9145
Systems Security Services Fax : (ESN) 393-7679 (613) 763-7679
Nortel Technologies mleech@bnr.ca
-----------------Expressed opinions are my own, not my employers------
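
The message above asks for integrity/authenticity and replay protection in the same transform. The sketch below is an added example, not part of the original message and not taken from any of the drafts it mentions: a receiver that verifies a keyed tag over SPI, sequence number and payload, and only then consults a sliding replay window. The packet layout, the 32-entry window, the use of HMAC-SHA256 and all names are assumptions made for illustration; confidentiality is left out.

```python
import hashlib
import hmac
import struct

WINDOW = 32  # assumed window size for this sketch


def seal(key, spi, seq, payload):
    """Build SPI || seq || payload || HMAC-SHA256 tag (constructed layout)."""
    header = struct.pack("!II", spi, seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Per-SPI receive state: keyed tag is checked first, then the window."""

    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.highest = 0   # highest authenticated sequence number seen
        self.bitmap = 0    # bit i set => sequence (highest - i) was accepted

    def accept(self, packet):
        if len(packet) < 8 + 32:
            return "malformed"
        header, payload, tag = packet[:8], packet[8:-32], packet[-32:]
        spi, seq = struct.unpack("!II", header)
        if spi != self.spi:
            return "unknown-spi"
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"   # unauthenticated data never moves the window
        if seq == 0 or seq + WINDOW <= self.highest:
            return "replay"    # zero is never sent; older than the window tracks
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return "ok"
        bit = 1 << (self.highest - seq)
        if self.bitmap & bit:
            return "replay"    # this sequence number was already accepted
        self.bitmap |= bit     # late but new: accept out-of-order delivery
        return "ok"
```

Because the sequence number sits inside the authenticated data, a captured packet cannot be given a fresh number without failing the tag check, and it cannot be resent unchanged without hitting the window.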