
Re: [Design] Re: Wes Hardaker: opportunistic encryption deployment problems



Henry Spencer writes:
 > On Sat, 11 Aug 2001, Michael Thomas wrote:
 > >  > > [anonymous encryption]
 > >  > We thought about that, but decided that some authentication was better
 > >  > than none, especially since it would upgrade transparently...
 > > 
 > >    Well... How is this especially different than just
 > >    using self-signed certificates and having a wide open policy?
 > 
 > The transparent upgrade to full security is important.  As I said before,
 > there's an important difference between temporary and permanent security
 > holes.  The nice thing about having DNSSEC verify the provenance of the
 > public keys is that instituting this requires no changes to the protocol
 > *or the protocol software*.  Going from self-signed certificates to a
 > certificate signing chain would.

   Huh? IKE requires that you be able to verify signatures
   back to a trusted root. There is absolutely no difference
   whether you get those certs from DNS, IKE, or
   pony express. The verification process is
   essentially identical. The only difference I
   can see is if you want to not use certs and
   instead rely on naked public keys. I'm dubious
   about this as there are better thought out ways
   of doing a centralized key management scheme
   (namely, Kerberos) which is what that amounts
   to (enrollment being the hard problem).
 
 > Before too very long, it *will* be necessary to secure DNS, whether that
 > is done by the current DNSSEC or by other means.  Why duplicate that work
 > in each application? 

   The implication of secure DNS is a global
   PKI. The same global PKI that doesn't exist.
   I have little reason to believe that the
   PKI fairy will leave one under our pillow
   any time soon.

 > One must distinguish carefully between two different categories of people:
 > the users, and the attackers.  It's not unreasonable to aim protocols at
 > 80% of the users, but that means those users should be secure against very
 > nearly 100% of the attackers.  It only takes one aggressive attacker to
 > put many users in jeopardy. 
 
 > Most especially and particularly, there are quite a number of countries in
 > the world where you can be 100% sure that the government will be an
 > attacker, *because it already is*.  And it has the cooperation, willing or
 > unwilling, of the ISPs... so MITM attacks will not be difficult to mount.
 > This is an important type of attacker. 

   I guess I differentiate your average luser script
   kiddie from attackers who really know what they're
   doing. Like door locks and other common sense
   security measures, you can do an adequate job of
   most of the petty crimes by raising the bar to
   a sufficient degree of sophistication that the
   average kiddie is going to go back to making
   OE bombs instead. The latter category is and has
   always been far more problematic. 

   In any case, there is already a way to thwart MITM
   attacks using IKE *today*. There is no need whatsoever
   to bring DNS into the picture to do that, and indeed
   DNS obscures the situation, IMO. Instead of making
   a single self-contained complicated system, you now
   have two extremely complicated systems to analyze.

	    Mike

