
Re: Bruce Schneier on IPsec



Some more thoughts on IPSec and where it is going.

Large committee projects like IPSec always tend to take on lives of
their own. Not only is there "feature creep", but they tend to resist
or ignore external events and trends that change the relevance of
their original goals.

When IPSec started in 1992, most Internet nodes were still large,
stationary and connected through LANs and other hardwired paths.
Internet encryption was nearly nonexistent.  PGP was less than a year
old and its legal status was controversial at best.  It certainly
wasn't used to sign files as much as it is now.  SSL didn't exist. SSH
didn't exist. Heck, the web didn't exist.  Lots of people were
contemplating adding security to each application protocol, and I
pitched IPSec as a way to reduce duplication of development effort.

But IPSec's real problem is that TCP/IP is steadily becoming less and
less end-to-end. Email is the best example. We have lots of dumb email
clients like Netscape and Eudora that cannot do their own outbound
delivery; and we have POP, needed by the millions of PC users on
dialup ISPs who cannot run their own full-time mail receivers.

Many web transactions are also not end-to-end, thanks to web proxy
caches and mirrors. And then there's NAT and SOCKS...

I don't like this retreat from end-to-end purity either, but it's a
fact of life. These applications still need security, and it's clear
that IPSec cannot hope to provide it on a proper end-to-end basis.
There's just no alternative to application-level security.

IPSec still has a very important role in creating secure virtual
private networks.  But it is going to have to be *substantially*
simplified if it's going to have a real chance to do this in a way
that satisfies experts like Schneier. The very last thing we want is
something we think is secure, but isn't.

Phil


