Re: [Design] Re: Wes Hardaker: opportunistic encryption deployment problems
Henry Spencer writes:
> On Sat, 11 Aug 2001, Michael Thomas wrote:
> > > > [anonymous encryption]
> > > We thought about that, but decided that some authentication was better
> > > than none, especially since it would upgrade transparently...
> >
> > Well... How is this especially different than just
> > using self-signed certificates and having a wide open policy?
>
> The transparent upgrade to full security is important. As I said before,
> there's an important difference between temporary and permanent security
> holes. The nice thing about having DNSSEC verify the provenance of the
> public keys is that instituting this requires no changes to the protocol
> *or the protocol software*. Going from self-signed certificates to a
> certificate signing chain would.

Huh? IKE requires that you be able to verify signatures back to a trusted root. There is absolutely no difference whether you get those certs from DNS, IKE, or pony express. The verification process is essentially identical. The only difference I can see is if you want to not use certs and instead rely on naked public keys. I'm dubious about this as there are better thought out ways of doing a centralized key management scheme (namely, Kerberos) which is what that amounts to (enrollment being the hard problem).

> Before too very long, it *will* be necessary to secure DNS, whether that
> is done by the current DNSSEC or by other means. Why duplicate that work
> in each application?

The implication of secure DNS is a global PKI. The same global PKI that doesn't exist. I have little reason to believe that the PKI fairy will leave one under our pillow any time soon.

> One must distinguish carefully between two different categories of people:
> the users, and the attackers. It's not unreasonable to aim protocols at
> 80% of the users, but that means those users should be secure against very
> nearly 100% of the attackers. It only takes one aggressive attacker to
> put many users in jeopardy.
> Most especially and particularly, there are quite a number of countries in
> the world where you can be 100% sure that the government will be an
> attacker, *because it already is*. And it has the cooperation, willing or
> unwilling, of the ISPs... so MITM attacks will not be difficult to mount.
> This is an important type of attacker.

I guess I differentiate your average luser script kiddie from attackers who really know what they're doing. Like door locks and other common sense security measures, you can do an adequate job of most of the petty crimes by raising the bar to a sufficient degree of sophistication that the average kiddie is going to go back to making OE bombs instead. The latter category is and has always been far more problematic.

In any case, there is already a way to thwart MITM attacks using IKE *today*. There is no need whatsoever to bring DNS into the picture to do that, and indeed DNS obscures the situation, IMO. Instead of making a single self-contained complicated system, you now have two extremely complicated systems to analyze.

Mike