[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bruce Schneier on IPsec

To: Henry Spencer <henry@spsystems.net>
Subject: Re: Bruce Schneier on IPsec
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Wed, 19 Jan 2000 23:12:01 -0800
Cc: IP Security List <ipsec@lists.tislabs.com>
Sender: owner-ipsec@lists.tislabs.com

In message <Pine.BSI.3.91.1000119203938.18717S-100000@spsystems.net>, Henry Spe
ncer writes:

>
>> And it is my humble opinion, that the authors don't fully understand the
>> protocol, nor indeed some of the special challenges of networking...
>
>I wouldn't be surprised; in fact, the authors admit as much in some
>places.  But whose fault is that?  The IPSEC spec is better than it used
>to be, but it's still pretty bad.  Most notably, as F&S observe, it is
>glaringly deficient precisely in explaining *why* it does things the way
>it does.  Again, this is a situation which might be tolerable in some
>contexts but is unacceptable in the Internet's central security protocol. 

Many of their comments aren't new.  I've been arguing against AH for years, 
for example.  (The WG didn't agree with me, so I haven't pursued the 
question.)  Similarly, lots of people complained about the complexity of 
ISAKMP way back when.  For reasons that are too painful to dredge up, it 
became the only choice.  Those two points are, perhaps, a result of the 
consensus process that Ferguson and Schneier have criticized.

On the other hand, the distinction between transport mode and tunnel mode is a 
vital matter of network architecture, and I don't think that that was properly 
understood by the authors.  (I sent a long note to them on this topic quite 
some time ago.)  I'm quite convinced that we made the right choice there, and 
see no reason to revisit it.

The really interesting issue is whether or not we should revisit IKE.  In one 
sense, I'd hate to -- it's taken a long time to get to this level of 
implementation and interoperability.  On the other hand, at the very least the 
documents, and perhaps the protocol, are quite hard to understand -- just read 
the mailing list to see where there are differences in interpretation, 
questions about meaning, etc.  IKE may or may not be necessary, sufficient, 
and correct -- but it's awfully hard to comprehend.

		--Steve Bellovin

Follow-Ups:

Re: Bruce Schneier on IPsec

From: Sandy Harris <sandy@storm.ca>

Prev by Date: RE: Notify Invalid Spi/Cookie (was RE: Phase 1 KB lifetime)
Next by Date: I-D ACTION:draft-ietf-ipsec-ike-base-mode-02.txt
Prev by thread: Re: Bruce Schneier on IPsec
Next by thread: Re: Bruce Schneier on IPsec
Index(es):
- Main
- Thread