
Re: Use IPSEC as SSH replacement



In message <Pine.BSI.3.91.981201133455.16907D-100000@spsystems.net>, Henry Spencer writes:
>On Tue, 1 Dec 1998, Scott G. Kelly wrote:
>> It seems that one of the greatest impediments to this is the perceived
>> vulnerability of the channel between the application and the ipsec
>> layer...
>
>Unfortunately, in the most severely general case, this problem is beyond
>solution... because in a system with the classical user/kernel split, any
>hostile software which can intervene at the kernel level can also inspect
>and change the code and data of the application itself, defeating *any*
>application-level safeguards.  It seems to me that there is little hope of
>defending the application against a sophisticated attack mounted from
>within the kernel it is running on.  Effective defences have to be placed
>further out, defending the kernel against intrusion.

Agreed.  

The issue with IPSEC is the granularity of protection.  In particular,
if host-level or gateway-level protection is used, how can an application
request some minimum level of protection, find out what is in fact being
used, and look at the certificate presented?  For many purposes, a replacement
for ssh would need these abilities.



