[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
"Alexei V. Vopilov" writes:
> First issue can be partially resolved by having protocol
> support logically equivalent to:
> Host A negotiates a SA destined to Host B with Router R.
Repulsive and dangerous to security.
> Tricky logic, but can be technically achieved with modification
> of current ISAKMP. While this might open a new sort of attacks
> (I don't care), the router R can further differentiate IPsec traffic
> by SPI value found in there.
The "(I don't care)" worries me here.
> Second issue can be resolved only under an assumption that host A and B
> will reveal information to R that is equivalent to having the case:
Sharing keys with intermediate routers is also a really, really,
amazingly bad idea from a security standpoint.
To recap, the two problems you are solving are:
> 1. Fine grained Statistic counting
Which doesn't strike me as so worthy a goal as to make security
compromises necessary, and:
> 2. Traffic Inspection on packet per packet basis
Which also doesn't strike me as that important a goal in context.
Perry
References: