
Re: [Design] Re: Wes Hardaker: opportunistic encryption deployment problems



At 9:41 AM -0400 8/16/01, Derek Atkins wrote:
>Stephen Kent <kent@bbn.com> writes:
>
>>  We disagree on the merits of opportunistic encryption. For most
>>  organizations, the primary threat is one of unauthorized access, not
>>  massive passive wiretapping of Internet traffic. Thus encrypting lots
>>  of traffic, without providing accompanying access controls, might
>>  cause more harm (in the access control dimension) than good, e.g., by
>>  making it harder to perform intrusion detection, trace attacks, etc.
>>  However, to the extent that FreeS/WAN tries to address a concern to a
>>  user community that has a different threat model, one that is more
>>  focused on big brother than on hackers, I don't argue with your
>>  approach.
>
>This is certainly not MY memory from Cambridge '92, when the concept
>of IPsec was to provide encryption technology at the network layer for
>all connections on the Internet.  A side effect of the goal was
>endpoint authentication.  Adding access control came even later.
>

Some may have come away with that impression. I certainly didn't. You
may recall that Ran Atkinson, who wrote the initial documents, noted
that he viewed IPsec as modelled in large part on the SDNS SP3 work.
I participated in that work, and I can assure you that endpoint
authentication was an essential aspect of SP3.

I also recall that Steve Bellovin and I participated in a panel at
the National Computer Security Conference in the mid-90s, chaired by
Dorothy Denning, where the topic was "Will Encryption Thwart
Hackers." The panel was unanimous in agreeing that the answer was no,
for a variety of reasons that are still valid today.  I know of very
few folks in the (larger) Internet community who believe that the
principal threat is passive wiretapping of the Internet, vs.
unauthorized access to computing resources on organizational LANs.
Encryption of lots of Internet traffic, without accompanying
authentication and access control, does not address the latter
concern.

Steve
