Re: Simplifying IKE
Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Sent by: owner-ipsec@lists.tislabs.com
To: Steve.Robinson@psti.com
cc: andrew.krywaniuk@alcatel.com, "'Dan McDonald'" <danmcd@East.Sun.COM>, ipsec@lists.tislabs.com, owner-ipsec@lists.tislabs.com, "'Sandy Harris'" <sandy@storm.ca>
Subject: Re: Simplifying IKE
08/09/01 11:49 AM
In your previous mail you wrote:
While I certainly agree that the attack described in the Ferguson/Schneier
paper on ESP was esoteric, I disagree on your conclusion that no damage
will be done. Let's assume that no attack is occurring. What if the system
administrator enters the section of the key used for decryption
incorrectly? Authentication will work correctly, but right now, there is
no verification mechanism in place to assure that the plaintext is not
garbage, and once you pass garbage up to the upper layers, the behaviour is
system specific and unknown -- it could range from catastrophic to no
damage at all.
=> I don't buy this argument: upper layers are ready to eat garbage
because garbage can occur on lower layer transmission errors. They
usually use a checksum for that.
STEVE:
Yes, checksums, when used, will catch the garbage. But I still like to
follow the ideals of robust programming and not rely on the upper layer for
catching what could be a bad design in the lower layers. I like the
principles behind object oriented design, in that the lower layers
shouldn't know what the upper layers are doing, and vice versa -- so each
layer should do what it can to make sure that the data received is not
garbage, and if the need is there, to make sure that the data it is passing
up to the next layer isn't garbage either. Knowledge of upper layer
behaviour, in my mind, violates the principles of separating layer
behaviour. I also realize that in practice this is not always possible.
However, I believe that this reason alone is NOT good enough to justify
modification of an established protocol. My personal preference is for the
eventual simplification of IPsec by having a single security protocol.
From what I have seen historically from this thread, it is probably better
to establish a new protocol that will obsolete AH and ESP some time down
the road, rather than attempt modification of either of the two established
protocols we have.
Anyway, I won't comment further on this, it is kinda off topic, and I know
the working group is currently concentrating its efforts on IKE
modifications.
Take Care,
steve.robinson@psti.com
Regards
Francis.Dupont@enst-bretagne.fr
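
The mistyped-key scenario debated in this thread, as an added example that is not from either poster: ESP computes its integrity check over the ciphertext, so a receiver holding the right authentication key but a wrong decryption key accepts the packet and hands garbage upward, where only an upper-layer checksum notices. Assumptions: the SHA-256 counter-mode keystream, the truncated HMAC-SHA-256 ICV, the keys and the payload are constructed stand-ins, not real ESP transforms or packet formats.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # truncated ICV, in the style of ESP's 96-bit HMAC transforms

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode); NOT an ESP transform."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">I", block // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum, as used by TCP/UDP (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f">{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def seal(enc_key: bytes, auth_key: bytes, payload: bytes) -> bytes:
    """Sender: append upper-layer checksum, encrypt, then MAC the ciphertext."""
    segment = payload + struct.pack(">H", inet_checksum(payload))
    ct = keystream_xor(enc_key, segment)
    return ct + hmac.new(auth_key, ct, hashlib.sha256).digest()[:ICV_LEN]

def receive(enc_key: bytes, auth_key: bytes, packet: bytes) -> dict:
    """Receiver: report what each layer concludes about the packet."""
    ct, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, ct, hashlib.sha256).digest()[:ICV_LEN]
    segment = keystream_xor(enc_key, ct)  # decrypt with whatever key is configured
    payload, (csum,) = segment[:-2], struct.unpack(">H", segment[-2:])
    return {
        "icv_ok": hmac.compare_digest(icv, expected),
        "payload": payload,
        "upper_checksum_ok": inet_checksum(payload) == csum,
    }

# Constructed keys and payload; the receiver's encryption key has one mistyped byte.
AUTH_KEY, ENC_KEY, BAD_ENC_KEY = b"A" * 20, b"correct-enc-key!", b"correct-enc-kez!"
PAYLOAD = b"GET /index.html HTTP/1.0\r\n\r\n"
PACKET = seal(ENC_KEY, AUTH_KEY, PAYLOAD)
GOOD = receive(ENC_KEY, AUTH_KEY, PACKET)
BAD = receive(BAD_ENC_KEY, AUTH_KEY, PACKET)
```

A 16-bit checksum accepts random garbage about once in 65536 tries, which is the residual risk when the security layer itself does not verify the plaintext.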