
Re: "user" and "network layer" security mechanisms.




One observation:

The people working on other protocols requiring security (TLS, L2TP, LDAP,
and probably others) have all been overheard saying the same thing:

	Wouldn't it be nice to have a single key negotiation protocol for
	IPsec *and* for our protocols?

So, before we run around in a frenzy removing 'user oriented keying', we
should remember that AH/ESP are no longer the only customers of an IPSEC WG
key management protocol.

-- 
Harald Koch
chk@border.com

From: Hilarie Orman <ho@earth.hpc.org>
Message-Id: <199608261512.LAA23989@earth.hpc.org>
To: ipsec@TIS.COM
Subject: no SKIP/ISAKMP/OAKLEY resolution
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk
Date: Mon, 26 Aug 96 11:09:36 EDT

The design group attempting to combine SKIP/OAKLEY/ISAKMP into one protocol
has been unable to resolve deeply held technical differences of opinion.
Some progress was made initially, but there has been no change in several
weeks now, so I must report failure, with great disappointment.

In my opinion, this was a group effort and a group failure --- I
exhort the greater working group to find quick agreement on goals
and an acceptable solution.

Hilarie Orman



Date: Mon, 26 Aug 1996 12:12:22 -0400
To: karn@qualcomm.com, netsec@panix.com
From: Robert Moskowitz <rgm3@chrysler.com>
Subject: Re: "user" and "network layer" security.
Cc: ipsec@TIS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk
Message-ID:  <9608261235.aa08927@neptune.TIS.COM>

At 07:15 AM 8/26/96 EDT, Phil Karn wrote:
>
>My original desire for security just above IP was to solve an
>immediate and well-defined problem: when I use the network at an IETF
>meeting or a USENIX, how can my laptop get back through my company's
>firewall in a safe and secure fashion?

Funny, that is what I define as 'user' the 'user' of the laptop.  This
thingee ain't never going to work for the 'user' of a terminal attached to a
terminal server.  At least the way terminal servers are working these days.

>
>Furthermore, there has been considerable progress in public-key-based
>application-layer security in the past several years. We now have PGP
>for email and files, SHTTP for the web, and SSH for remote login,
>command execution and file transfer. Unlike IPSEC, I use all three
>every day, and they work.  SSH seems likely to develop into a general
>purpose transport layer security mechanism that satisfies much (though
>not all) of the need for end-to-end Internet security. So our
>idealistic idea of avoiding all that application layer work has been
>almost completely overtaken by events.

I still don't feel comfortable with transport layer security mechanisms like
SSL (that you did not list).  I am going to need a good run-through by
someone that is not a proselytizer for it, but very well versed on the subject.

You see, I work with Venn diagrams in my head (sometimes I still draw them).
I have this one that has network layer security and data layer security and
it leaves very little left for transport layer security.  Most seem to have
data layer as a niche player (securing mail), I have it as a major component
and with the cost of cpus and security engines better for many of the things
that SHTTP gets used for today.  Being part of an industry with general
distrust but major partnering, I need for the policy to be bound to the object.

>In this light, SKIP keeps looking better to me all the time. Its claim
>to the "simple" label certainly keeps getting stronger.  The only real
>problem I've ever had with it was the lack of perfect forward secrecy
>(PFS) in the original design. But that's in there too. So other than
>the lack of support for a facility (user-oriented keying) that we
>can't really do properly anyway, what's wrong with it?

I am working on my list of items that makes Oakley (and GKMP, did you see
the drafts just released?) on ISAKMP as the better mechanism for an
inter-business security.  SKIP, it looks like, can be made to work for the
intra-business model.  After all it is simple and inter-business is not.

Robert Moskowitz
Chrysler Corporation
(810) 758-8212