[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard

To: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
Subject: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
From: Alan Blair <ablair@erols.com>
Date: Tue, 31 Mar 1998 00:20:41 -0500
CC: iesg@ns.ietf.org, ipsec@tis.com, ietf@ns.ietf.org, tcp-over-satellite@achtung.sp.trw.com
References: <199803310056.TAA04910@thunk.orchard.arlington.ma.us>
Reply-To: ablair@erols.com
Sender: owner-ipsec@ex.tis.com

My understanding is that the TCP Over Satellite WG is considering the use
of spoofing (at least as a research topic).  I presume this means that
IPSec and spoofing to improve performance on a long latency satellite
network are incompatible.   Is there any way to maintain security and
still do TCP spoofing for satellites (i.e., could you elaborate on the
evil)?

                                                            Alan

Bill Sommerfeld wrote:

> Since often things seem to turn on the volume (or mass) of commentary,
> I think I'll weigh in here..
>
> A number of folks have argued for adding various layers of
> "transparency" to the ipsec, for a variety of reasons:
>         1) management wiretapping.
>         2) differential handling based on protocol.
>         3) protocol spoofing for long-latency networks.
>
> None of these seem to justify this, and there are alternate means of
> accomplishing these..
>
> 1) Wiretapping is exactly what this set of protocols was intended to
> prevent (duh!)...  conceivably, facilities for wiretapping traffic (a
> la RMON), both before encryption and after decryption, could be built
> into end systems, and enabled only when suitable cryptographic
> authorization is presented by the management station.. however, I
> can't imagine situations where I would want to turn that on in
> production systems..
>
> 2) The proposed mechanism (putting a copy of port numbers outside the
> crypto) is essentially a "new" mechanism, requiring new handling in
> routers, and could just as well be replaced by code which sets the
> appropriate TOS/precedence bits.  Also, if fine-grained (e.g.,
> connection-oriented) keying is in use, different flows could be
> distinguished by the SPI (which, for ESP, is conveniently the same
> size and in the same place as the port pair..)
>
> 3) IMHO, protocol spoofing (e.g., forging TCP acks in the middle of
> the network) is simply evil....
>
>                                         - Bill



--
The best way to predict the future is to invent it

References:

Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard

From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>

Prev by Date: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
Next by Date: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
Prev by thread: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
Next by thread: RE: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
Index(es):
- Main
- Thread