RE: Windows 2000 and Cisco router interoperability
At 11:41 AM -0700 5/14/00, Jan Vilhuber wrote:
>In some people's minds, it's an acceptable trade-off, and others will think
>differently.
>
>Personally, I don't see much difference with doing a check after decryption
>and decapsulation, than doing it before. Yes, you may lose some context, but
>so what.
>
>You can either burden IKE and IPSEC with a whole bunch more mechanisms for
>user-authentication, authorization, and accounting, thus making the protocols
>even MORE complex (and thus less likely to be completely understood and
>analyzed for weaknesses), OR you can combine two simple (relatively)
>mechanisms, and combine them. In fact, it is precisely because I DON'T want to
>revisit these protocols, that I'm advocating l2tp+ipsec.
>
>The loss of security you claim exists there, I don't see.
>
>jan
As I noted, if one has lost the binding between a packet and the SA
via which it arrived, because the access control decision is being
made outside the IPsec module, then this decision is being made based
on unauthenticated inputs, which is no better than what one gets from
a typical firewall w/o IPsec. I'd say this is a significant
degradation of the security potential offered by IPsec.
Steve
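The following is an added illustration and not part of the thread: a small Python model of the point Steve makes above. An SA-bound check knows which authenticated peer (via IKE) the packet arrived from and can enforce that peer's negotiated traffic selectors; a check performed only after decapsulation sees just the inner IP header, which any authenticated peer could have written. The SPIs, peer identities, address ranges and rules are constructed for the example.

```python
"""Constructed model (not from the thread) of access control with and
without the packet-to-SA binding after IPsec decapsulation."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class SecurityAssociation:
    spi: int
    peer_id: str               # identity IKE authenticated when this SA was set up
    src_selector: IPv4Network  # inner sources this peer is authorized to send


@dataclass(frozen=True)
class DecryptedPacket:
    spi: int                   # SA the packet arrived on; known only inside IPsec
    inner_src: IPv4Address
    inner_dst: IPv4Address


# Constructed Security Association Database: two authenticated gateways.
SAD = {
    0x1001: SecurityAssociation(0x1001, "gw-a.example", ip_network("10.1.0.0/16")),
    0x1002: SecurityAssociation(0x1002, "gw-b.example", ip_network("10.2.0.0/16")),
}

# Constructed post-decapsulation firewall policy: (inner source net, destination host).
# It has no notion of which SA delivered the packet.
FIREWALL_RULES = [
    (ip_network("10.1.0.0/16"), ip_address("192.0.2.10")),
    (ip_network("10.2.0.0/16"), ip_address("192.0.2.20")),
]


def decide_after_decapsulation(inner_src: IPv4Address, inner_dst: IPv4Address) -> str:
    """Firewall-style check on the inner header only (the l2tp+ipsec position)."""
    for net, host in FIREWALL_RULES:
        if inner_src in net and inner_dst == host:
            return "ALLOW"
    return "DROP"


def decide_with_sa_binding(pkt: DecryptedPacket) -> str:
    """Check made inside IPsec: the inner source must fall within the selectors
    negotiated for the SA the packet actually arrived on, then the same
    destination policy applies."""
    sa = SAD.get(pkt.spi)
    if sa is None or pkt.inner_src not in sa.src_selector:
        return "DROP"
    return decide_after_decapsulation(pkt.inner_src, pkt.inner_dst)


def compare(spi: int, inner_src: str, inner_dst: str) -> tuple[str, str]:
    """Return (SA-bound decision, post-decapsulation decision) for one packet."""
    pkt = DecryptedPacket(spi, ip_address(inner_src), ip_address(inner_dst))
    return decide_with_sa_binding(pkt), decide_after_decapsulation(pkt.inner_src, pkt.inner_dst)


if __name__ == "__main__":
    # Legitimate traffic from gateway A's network over gateway A's SA.
    print(compare(0x1001, "10.1.5.5", "192.0.2.10"))
    # Inner source from A's range, but the packet arrived over gateway B's SA:
    # the post-decapsulation check cannot tell the difference.
    print(compare(0x1002, "10.1.5.5", "192.0.2.10"))
```

The second case is the "unauthenticated inputs" problem: once the SA is forgotten, the decision rests on an inner source address that the authenticated peer chose, so the policy degrades to what an ordinary address-based firewall provides.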