[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

users and connections a futile waste of time

While taking a nice lovely long walk with the ex, prior to visiting my
parents for my 40th tomorrow, I had a twinge of memory.  I came home to
check the Bellovin paper "Problem Areas for the IP Security Protocols",
and sure enough, there it was....

Bellovin states that the primary defense is "per-connection or per-user
keying".  He relies on "the authentication transforms [to] protect the
integrity of the message".

Now, Kent states:
>       The term "connection-oriented integrity" is not really appropriate
> in the IPSEC environment, even when the anti-replay option is enabled.  The
> fact that we may provide keying at a per-connection or per-user granularity
> does not, in itself, represent connection-oriented integrity.

OK, assuming that both Bellovin and Kent are using the same terminology,
this says that we really cannot use IP Security in the attack scenarios
outlined by Bellovin.

And sure enough, Bellovin, in his final paper, opines:

   "These attacks and recommendations ... leave us feeling very nervous
    about network layer encryption.  ... We suggest that its use be
    restricted to the following situations:

   "1. Router-to-router encryption to provide virtual private networks,
    in conjunction with a firewall....

   "2. [A] tunnel from a mobile machine to its firewall....

   "3. Possibly between two single user hosts....

   "For more general use, we recommend moving towards [sic] the
    cryptographic processing towards the transport layer."

I remember old messages from Karn and JI recommending the same thing
nearly 5 years ago.  IP Security was never intended to be used for
communications between machines with "mutually suspicious" users.

Now, somebody explain why we wasted 4 years trying to shoe-horn in user
and connection oriented integrity?

And please explain why we wasted the past 2 years arguing about integrity
and ESP transforms, when it is unneeded for the above 3 scenarios?  AH
would serve just as well....

    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2