[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: manual keying and IPSEC conformance

To: rpereira@TimeStep.com (Roy Pereira)
Subject: Re: manual keying and IPSEC conformance
From: Dan.McDonald@Eng.Sun.Com (Dan McDonald)
Date: Thu, 21 Aug 1997 14:52:50 -0700 (PDT)
Cc: ipsec@tis.com
In-Reply-To: <c=US%a=_%p=TimeStep_Corpora%l=TSNTSRV2-970821214617Z-6521@tsntsrv2.timestep.com> from "Roy Pereira" at Aug 21, 97 05:46:17 pm
Sender: owner-ipsec@ex.tis.com

<SNIP!>
> I know that most of our clients do not want a back door like manual
> keying in their security product.

One thing I have a terrible time understanding is why people think manual
keying will make their systems LESS secure.  The only gain in security you
get by disabling manual keying is STO, and that's because your adversary has
to somehow gain access to the machine state by other means than a manual
keying interface.

I'm not saying manual keying should be an operation open to every user on a
system, at every privilege level.  It's most definitely a privilege;
root-level on UNIX, and requiring its own privilege class on an MLS system.
And if you're on a system that has only one privilege level (PC of some
kind), then machine state is probably not difficult to obtain anyway.

If anything, manual keying is the only truly secure method of key exchange.
Two ultra-paranoid parties figure out in a locked room what the key is, they
go home and _manually_ add it to their respective systems, which they have
locked up and guarded with shotguns, dogs, etc.  The problem reduces to the
key strength of the algorithm in question.

Now granted, the current suite of algorithms and key exchanges are such that
the strength of the key exchange dominates the strength of the algorithms
being used, but that doesn't have to be the case.  Hell, I may want to use
2048-bit El Gamal on my traffic w/o having to secure it with a 4096 exchange.
Sure it'll be slow, but it'll definitely be secure.

---

On another note, thanks to those who pointed out that there is a difference
between manual keying, and hooks for other KM schemes.  In my haste to get
out my first note, I failed to make that distinction.

Noting that distinction, however, I will say that if you have hooks for other
key mgmt. schemes, it shouldn't be too terribly painful to use the same hooks
to attach some sort of user-interface to your SADB/Key-Engine/etc.  Even if
your hooks are inside a protection boundary, a shim that crosses that
protection boundary shouldn't be difficult to construct.

I offer the BSD Routing Socket, and that the route(8) command in BSD is just
a command-line interface to said routing socket, as an example.

Dan

References:

RE: manual keying and IPSEC conformance

From: Roy Pereira <rpereira@TimeStep.com>

Prev by Date: RE: manual keying and IPSEC conformance
Next by Date: SAs and SPIs
Prev by thread: RE: manual keying and IPSEC conformance
Next by thread: RE: manual keying and IPSEC conformance
Index(es):
- Main
- Thread