[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Position statement on IKE development

To: "Marcus Leech" <mleech@nortelnetworks.com>, msec@securemulticast.org, ietf-ipsra@vpnc.org, ipsec-policy@vpnc.org, ipsec@lists.tislabs.com
Subject: Re: Position statement on IKE development
From: Alex Alten <Alten@home.com>
Date: Thu, 02 Aug 2001 23:49:51 -0700
In-Reply-To: <3.0.3.32.20010802220454.00fc0530@mail>
References: <3B69FF7B.85CF61@nortelnetworks.com>
Sender: owner-ipsec@lists.tislabs.com

After just reading the papers by Meadows, Schneier/Ferguson and 
Simpson, I now have serious doubts that IPsec delivers the security
required by the Internet community.

This is a very serious issue.

To make a mistake of this caliber when so many firms have committed 
large amounts of resources for software, board, ASIC and chip designs,
implementations and manufactures is a terrible thing.  

I agree with Schneier & Ferguson. A security protocol/system cannot be
designed by a large committee, unlike many other successful insecure
protocols. Their suggestion to use a process like NIST's for selecting
the AES standard is an excellent one. It's a pity they did not suggest
it a decade ago. However it should be considered seriously not only
for the replacement of IKE, but possibly also for the modification or
simplification of the entire IPsec protocol suite. (I hesitate to say
the replacement of IPSEC given the tremendous repercussions of doing
so.)

- Alex

At 10:04 PM 8/2/2001 -0700, Alex Alten wrote:
>
>Dear Marcus, Jeff and Steve,
>
>May I make a suggestion given the seriousness of this?
>
>Let's hold an international design competition to select a key 
>management protocol for IPSec in a manner similar to how NIST did
>the AES selection (although I hope it takes less than 5 years).
>Once we get to a final 5, then let's cryptanalyze them and select
>the best one.  In this manner hopefully we can avoid a 2nd debacle.
>
>Sincerely,
>
>- Alex Alten
>
>
>At 09:33 PM 8/2/2001 -0400, Marcus Leech wrote:
>>I'm sending the attached ASCII TEXT document on behalf of myself, Jeff
>>Schiller, and
>>  Steve Bellovin, to clarify our position with respect to IKE
>>development. It is our hope
>>  that it will clarify, to some extent, some fuzziness in this area that
>>has evolved over
>>  the last year or so.In the several years since the standardization of
>the IPSEC protocols
>>(ESP, AH, and ISAKMP/IKE), there have come to light several security
>>problems with the protocols, most notably the key-agreement protocol,
>>IKE.  Formal and semi-formal analyses by Meadows, Schneier et al, and
>>Simpson, have shown that the security problems in IKE stem directly
>>from its complexity.  It seems only a matter of time before more
>>analyses show more serious security issues in the protocol design that
>>stem directly from its complexity.  It seems also, only a matter of
>>time, before serious *implementation* problems become apparent, again
>>due to the complex nature of the protocol, and the complex
>>implementation that must surely follow.
>
>...
>
>>
>>
>>Marcus Leech   (IESG)
>>Jeff Schiller  (IESG)
>>Steve Bellovin (IAB)
>>
>--
>
>Alex Alten
>
>Alten@Home.Com
>
>
>
--

Alex Alten

Alten@Home.Com

Follow-Ups:

Re: Position statement on IKE development

From: Henry Spencer <henry@spsystems.net>

RE: Position statement on IKE development

From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

References:

Position statement on IKE development

From: "Marcus Leech" <mleech@nortelnetworks.com>

Re: Position statement on IKE development

From: Alex Alten <Alten@home.com>

Prev by Date: Re: Position statement on IKE development
Next by Date: RE: problem with HMAC precomputes.
Prev by thread: Re: Position statement on IKE development
Next by thread: Re: Position statement on IKE development
Index(es):
- Main
- Thread