[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Simplifying IKE
> Imagine that an attacker can generate traffic on flow A
> behind a gateway and
> read the encrypted traffic on the Internet; he now has the
> possibility of
> doing a chosen-plaintext attack. If the gateway sends traffic across
> multiple SAs, then cryptanalysis of the output stream for
> flow A will only
> allow the attacker to crack the key for SA_A (which only
> protects traffic
> which was generated by the attacker).
>
> Andrew
I'm thinking that an attacker with access to the plaintext side of an IPsec gateway already has far easier attacks than sending a trillion plaintext packets (which I'm sure will go un-noticed) through the gateway and doing an analysis on the results.
I think the point is being missed here. It's the complexity of trying to deal with *every* possible security attack that has led to the current mess. It is just not practical to have the IP layer fully responsible for *all* security. Decide what you can do to protect the privacy of communications in a *reasonable* enviroment. Let the upper, application, layer add it's own authentication (and encryption as well if necessary) because that's where those decisions make more sense. Treat security like the onion, as it's supposed to be treated. It's not a failure to punt the problem and say "look, solving that attack is the responsibility of the application, if the consequences are that severe, then the application needs to be secure as well". Think of IPsec as the default "freebee" security that is inherent in the system, if an application needs more, then let them add more.
My 2 cents worth, I now return you to your previous programming.
Lee Dilkie
Mitel Networks
350 Legget Drive
Kanata, ON, Canada
K2K 2W7
Phone: 1-613-592-5660
"It wasn't easy to juggle a pregnant wife and a troubled child, but somehow I managed to fit in eight hours of TV a day."
- Homer Simpson (from "The Simpsons")
Follow-Ups: