
RE: Fw: IPSec vs. SSL

Your comments about SSL seem to apply to the non-Diffie-Hellman modes. When
Diffie-Hellman is used with RSA signing then the session key data is
generated by both parties and the long term secrecy is not compromised by
the exposure of the private key (although naturally further communication is
because man in the middle becomes possible).


-----Original Message-----
From: Joel M Snyder [mailto:Joel.Snyder@Opus1.COM]
Sent: Tuesday, December 19, 2000 3:28 PM
To: Steven M. Bellovin
Cc: Paul Heber; Henry Spencer; ipsec@lists.tislabs.com
Subject: Re: Fw: IPSec vs. SSL

>To me, the difference is ease of deployment versus scope of protection.
>SSL is easier to deploy, because it lives solely at user level.  It
>does not need any kernel mods, source code, etc., and is reasonably
>portable between operating systems.

>On the other hand, with SSL you have to secure one application at a
>time.  You can't protect entire subnets.  There are trivial
>denial of service attacks by active attackers; they simply need to
>inject a single TCP packet.  And there's no way to protect UDP.

I agree that those are the main and key issues.  
There are two other problems with SSL that I bring up in my class (warning
students that these are largely "academic" issues):

1) The key generation in SSL is done by one party, not two, and therefore
defects in implementation (such as Netscape had) have especially large
with IPSEC, the two parties both contribute equally to key generation which
would tend to mitigate these effects (perhaps). 

2) The secrecy of an SSL conversation is dependent on the private key of the
server (assuming one-way authentication) being FOREVER kept secret; if the
private key is exposed, then all old "taped" SSL conversations can be played
back and decoded; with IPSEC, the encryption key could be compromised, but in
practice such keys are unlikely to be in some persistent storage.  Ergo, if I
broke into a web server and grabbed the private key, all conversations would be
exposed to me.  Quick question: how often when a web server is "defaced" do you
think the owners think to generate new private keys?


Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 x101 (v) +1 520 324 0495 (FAX)  
jms@Opus1.COM    http://www.opus1.com/jms    Opus One
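
Added example, not part of either message: a toy Python comparison of the two key-establishment styles discussed in this thread, showing that a later leak of the server's RSA private key opens a recorded key-transport session but not one keyed by RSA-signed ephemeral Diffie-Hellman. The textbook RSA, the small Mersenne-prime parameters and all function names are constructed for illustration and are assumptions, not anything from SSL or IPsec code.

```python
# Toy comparison (added example): RSA key transport vs. RSA-signed ephemeral DH.
# Textbook RSA without padding and small Mersenne-prime parameters: illustration only.
import secrets

# Constructed server RSA key built from two known Mersenne primes.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # long-term private exponent

# Constructed DH group: Mersenne prime modulus, small generator.
DH_P, DH_G = 2**127 - 1, 3


def rsa_key_transport():
    """Client alone picks the secret and sends it under the server's public key."""
    secret = secrets.randbelow(N - 2) + 2
    transcript = [pow(secret, E, N)]           # what a wiretap records
    return secret, transcript


def signed_ephemeral_dh():
    """Both sides contribute a share; RSA only signs the server's DH share."""
    a = secrets.randbelow(DH_P - 3) + 2        # client ephemeral, discarded after use
    b = secrets.randbelow(DH_P - 3) + 2        # server ephemeral, discarded after use
    client_share, server_share = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    signature = pow(server_share, D, N)        # textbook RSA signature on the share
    secret = pow(client_share, b, DH_P)        # equals pow(server_share, a, DH_P)
    return secret, [client_share, server_share, signature]


def exposed_by_key_leak(secret, transcript, leaked_d):
    """Apply the leaked private exponent to every recorded value."""
    return any(pow(v, leaked_d, N) == secret for v in transcript)


def compare():
    """Return (key transport exposed?, signed ephemeral DH exposed?)."""
    rsa_secret, rsa_tape = rsa_key_transport()
    dh_secret, dh_tape = signed_ephemeral_dh()
    return (exposed_by_key_leak(rsa_secret, rsa_tape, D),
            exposed_by_key_leak(dh_secret, dh_tape, D))


if __name__ == "__main__":
    print(compare())   # (True, False)
```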