[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re[8]: ISAKMP performance

To: pcalhoun@usr.com
Subject: Re: Re[8]: ISAKMP performance
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Date: Wed, 23 Jul 1997 18:15:04 -0400
Address: 1 Amherst St., Cambridge, MA 02139
Cc: Bill Sommerfeld <sommerfeld@apollo.hp.com>, ho@earth.hpc.org, ipsec@tis.com
In-Reply-To: pcalhoun@usr.com's message of Wed, 23 Jul 1997 09:07:32 -0500,<3D630BE0.3000@usr.com>
Phone: (617) 253-8091
Sender: owner-ipsec@ex.tis.com

   From: pcalhoun@usr.com
   Date: Wed, 23 Jul 1997 09:07:32 -0500

	   In this application, it is implied that end to end security is used 
	(hopefully using IPSEC). Againk, as I have repeted many times, I am 
	not attempting to encrypt the users' data, merely trying to get around 
	all of the security holes in the L2TP protocol by using IPSEC 
	underneath it. In this case, authentication of each L2TP peer is done 
	using IPSEC. This will ensure that no malicious user inserts data into 
	a tunnel data stream.

I haven't had a chance to study the L2TP protocol yet, but from what
I've heard on this list, it's really not clear a pure IPSEC solution is
the right one.  You might be better off using the GSSAPI (with some kind
of private-key crypto mechanism) to do the initial authentication
connection, and then perhaps using GSSAPI to send over a key which is
used at the ESP layer, for example.

	   Again, this gets back to the fact that most WG are simply pointing 
	to the IPSEC group for all of their security needs. I think this is 
	WRONG and more thought need to be put into it before a WG decides to 
	do this, but unfortunately this WG is called IP Security. It gets very 
	difficult to argue NOT using IP Security if a protocol runs over IP 
	(just because of the name implies that it makes ALL IP traffic secure, 
	does not mention scaling problems).

Well, it should be obvious that ipsec is but one working group among
many in the IETF Security Area, and we didn't shut them all down just
because we were working on IPSEC.  There are different places where
different security approaches need to be used.  I know you've asked us
to "speak out", but many people have in the Security Area have do so in
the past, and people haven't listened.  (They generally prefer to
believe what will result in the least amount of work for themselves :-).

This perhaps wouldn't be as much of an issue if working groups were
actually putting implementations together coincident with generating the
spec, since presumably then people would notice the disconnects earlier.
But I don't know that this is necessarily a IPSEC working group issue.
I can certainly talk to my peers in the Security Area, and the Security
Area Director can talk to the other A-D's, but I'm afraid we've done
this before; heck, just a few months ago the IAB sponsored a workshop on
Security.  The question is how do we get all of the people in the
various working groups to listen....

						- Ted

References:

Re[8]: ISAKMP performance

From: pcalhoun@usr.com

Prev by Date: Re: Derived versus Explicit IV
Next by Date: Re: Derived versus Explicit IV
Prev by thread: Re[8]: ISAKMP performance
Next by thread: Re: Re[8]: ISAKMP performance
Index(es):
- Main
- Thread