[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: opportunistic encryption deployment problems

To: <sommerfeld@East.Sun.COM>, "Michael Richardson" <mcr@sandelman.ottawa.on.ca>
Subject: Re: opportunistic encryption deployment problems
From: "Jari Arkko" <jari.arkko@kolumbus.fi>
Date: Tue, 21 Aug 2001 08:03:25 +0300
Cc: <ipsec@lists.tislabs.com>, <design@lists.freeswan.org>, "Wes Hardaker" <wes@hardakers.net>, "Hugh Daniel" <hugh@road.xisp.net>
References: <200108202100.f7KL07022725@thunk.east.sun.com>
Sender: owner-ipsec@lists.tislabs.com

Bill Sommerfeld wrote:

> While it's outside the scope of a protocol specification, the spec
> should recommend that, in the absence of some form of certification,
> implementations should make {dnsname,address}->key mappings "sticky"
> using techniques similar to those currently used by ssh.

I very much like the idea of opportunistic encryption. However,
I'm concerned on the reliance on secure DNS as the only
authentication mechanism. While I do like how OE can be
used from small to large deployment of DNSSEC, I'm
concerned that (a) DNSSEC will eventually bring the same
trouble as a large scale PKI would [such as the worries
about people being able to control their reverse mappings
or their DNS at all], and (b) it may not be the most effective
weak authentication scheme [and it is weak until the root
gets signed].

In particular, I wonder if ssh-like leap-of-faith authentication at
the time of first contact and subsequent strong authentication
would be a better weak authentication scheme. Not much memory
is needed for this, just a mapping from a claimed identity to
a hash of the public key. Additionally, this has the benefit that
dynamic IP addresses can be accommodated as the identity
could be e.g. the user's e-mail rather than the changing IP/dns.
I believe there are vendors who are already using self-signed
certificates to do something like this.

There are also other possibilities for making unauthenticated
encryption become weak encryption. How about using server
side certificates in part, noting that many servers already have
them due to SSL? Then the other side would be authenticated
using e.g. leap-of-faith or DNSSEC. Web of trust is also a possibility,
if my friend logged on to www.cnn.com three years ago, I could trust
his initial ssh-style authentication also for my logins since he propably
got there before the evil government spies installed their active
attack equipment ;-)

Jari

Follow-Ups:

Re: opportunistic encryption deployment problems

From: Jakob Schlyter <jakob@crt.se>

Re: opportunistic encryption deployment problems

From: Pekka Riikonen <priikone@silcnet.org>

References:

Re: opportunistic encryption deployment problems

From: Bill Sommerfeld <sommerfeld@East.Sun.COM>

Prev by Date: Re: Bakeoff summary
Next by Date: Re: opportunistic encryption deployment problems
Prev by thread: Re: opportunistic encryption deployment problems
Next by thread: Re: opportunistic encryption deployment problems
Index(es):
- Main
- Thread