
Re: Simplifying IKE



                                                                                                                             
From:     Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Sent by:  owner-ipsec@lists.tislabs.com
Date:     08/09/01 11:49 AM
To:       Steve.Robinson@psti.com
cc:       andrew.krywaniuk@alcatel.com, "'Dan McDonald'" <danmcd@East.Sun.COM>,
          ipsec@lists.tislabs.com, owner-ipsec@lists.tislabs.com,
          "'Sandy Harris'" <sandy@storm.ca>
Subject:  Re: Simplifying IKE
                                                                                                                             
                                                                                                                             








 In your previous mail you wrote:

   While I certainly agree that the attack described in the
   Ferguson/Schneier paper on ESP was esoteric, I disagree on your
   conclusion that no damage will be done.  Let's assume that no attack
   is occurring.  What if the system administrator enters the section of
   the key used for decryption incorrectly?  Authentication will work
   correctly, but right now, there is no verification mechanism in place
   to assure that the plaintext is not garbage, and once you pass garbage
   up to the upper layers, the behaviour is system specific and unknown --
   it could range from catastrophic to no damage at all.

=> I don't buy this argument: upper layers are ready to eat garbage
because garbage can occur on lower layer transmission errors. They
usually use a checksum for that.

STEVE:
Yes, checksums, when used, will catch the garbage.  But I still like to
follow the ideals of robust programming and not rely on the upper layer for
catching what could be a bad design in the lower layers.  I like the
principles behind object oriented design, in that the lower layers
shouldn't know what the upper layers are doing, and vice versa -- so each
layer should do what it can to make sure that the data received is not
garbage, and if the need is there, to make sure that the data it is passing
up to the next layer isn't garbage either.  Knowledge of upper layer
behaviour, in my mind, violates the principles of separating layer
behaviour.  I also realize that in practice this is not always possible.
However, I believe that this reason alone is NOT good enough to justify
modification of an established protocol.  My personal preference is for the
eventual simplification of IPsec by having a single security protocol.
From what I have seen historically from this thread, it is probably better
to establish a new protocol that will obsolete AH and ESP some time down
the road, rather than attempt modification of either of the two established
protocols we have.

Anyway, I won't comment further on this, it is kinda off topic, and I know
the working group is currently concentrating its efforts on IKE
modifications.

Take Care,
steve.robinson@psti.com

Regards

Francis.Dupont@enst-bretagne.fr
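
The failure mode debated in this thread, as an added example that is not part of either message: with independent authentication and encryption keys, a receiver holding the right authentication key but a mistyped decryption key still verifies the ICV, decrypts to garbage, and only an upper-layer checksum notices. Assumptions: the cipher is a stand-in keystream built from HMAC-SHA256 (not a real ESP transform), the packet layout is simplified (IV, ciphertext, 96-bit ICV), and all keys and payloads are constructed.

```python
import hashlib, hmac, struct

def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (HMAC-SHA256 in counter mode), not a real ESP transform."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        out += hmac.new(key, iv + struct.pack(">I", block), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, out))

def inet_checksum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement checksum, as an upper layer (TCP/UDP) uses."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(">%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def protect(enc_key: bytes, auth_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Sender: append upper-layer checksum, encrypt, then ICV over IV + ciphertext."""
    segment = payload + struct.pack(">H", inet_checksum(payload))
    ct = keystream_xor(enc_key, iv, segment)
    icv = hmac.new(auth_key, iv + ct, hashlib.sha256).digest()[:12]
    return iv + ct + icv

def receive(enc_key: bytes, auth_key: bytes, packet: bytes):
    """Receiver: returns (icv_ok, upper_checksum_ok, decrypted_payload)."""
    iv, ct, icv = packet[:8], packet[8:-12], packet[-12:]
    expected = hmac.new(auth_key, iv + ct, hashlib.sha256).digest()[:12]
    icv_ok = hmac.compare_digest(icv, expected)   # covers ciphertext only
    segment = keystream_xor(enc_key, iv, ct)      # wrong key -> garbage, silently
    payload, (cksum,) = segment[:-2], struct.unpack(">H", segment[-2:])
    return icv_ok, inet_checksum(payload) == cksum, payload

# Constructed sample values: TYPO_KEY differs from ENC_KEY in one character.
AUTH_KEY = b"constructed-auth-key"
ENC_KEY = b"constructed-enc-key-0001"
TYPO_KEY = b"constructed-enc-key-0007"
PAYLOAD = b"GET /status HTTP/1.0\r\n\r\n"
PACKET = protect(ENC_KEY, AUTH_KEY, b"\x00" * 8, PAYLOAD)

if __name__ == "__main__":
    print(receive(ENC_KEY, AUTH_KEY, PACKET))    # ICV ok, checksum ok, real payload
    print(receive(TYPO_KEY, AUTH_KEY, PACKET))   # ICV ok, checksum fails, garbage
```

A 16-bit checksum accepts random garbage about once in 65,536 packets, so the upper-layer check is probabilistic rather than a guarantee.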