Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard

["Perry E. Metzger" <perry@piermont.com>]

"Alexei V. Vopilov" writes:
> First issue can be partially resolved by having protocol
> support logically equivalent to:
> Host A negotiates a SA destined to Host B with Router R.

Repulsive and dangerous to security.

> Tricky logic, but can be technically achieved with modification
> of current ISAKMP. While this might open a new sort of attacks
> (I don't care), the router R can further differentiate IPsec traffic
> by SPI value found in there.

The "(I don't care)" worries me here.

> Second issue can be resolved only under an assumption that host A and B
> will reveal information to R that is equivalent to having the case:

Sharing keys with intermediate routers is also a really, really,
amazingly bad idea from a security standpoint.

To recap, the two problems you are solving are:

> 1. Fine grained Statistic counting

Which doesn't strike me as so worthy a goal as to make security
compromises necessary, and:

> 2. Traffic Inspection on packet per packet basis

Which also doesn't strike me as that important a goal in context.

Perry

---

References:

• Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
• From: "Alexei V. Vopilov" <alx@elnet.msk.ru>

---

• Prev by Date: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
• Next by Date: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
• Prev by thread: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
• Next by thread: RE: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
• Index(es):
  • Main
  • Thread