Re: [Design] Re: opportunistic encryption deployment problems

[Michael Richardson <mcr@sandelman.ottawa.on.ca>]

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Jari" == Jari Arkko <jari.arkko@kolumbus.fi> writes:
    Jari> I very much like the idea of opportunistic encryption. However,
    Jari> I'm concerned on the reliance on secure DNS as the only
    Jari> authentication mechanism. While I do like how OE can be

  Certainly other systems of authentication can be created.

  The appeal of the reverse map is that control over reverse map is 
usually sufficient proof that you control the IP address. Unfortunately, it
turns out to be too strong, as there are many people who feel they own their
IP address, but do not own the reverse map.

  In gateway mode OE, one has only an IP address to go on. The only way we
can get a different key is to involve the application in some way.
 
    Jari> used from small to large deployment of DNSSEC, I'm
    Jari> concerned that (a) DNSSEC will eventually bring the same
    Jari> trouble as a large scale PKI would [such as the worries
    Jari> about people being able to control their reverse mappings
    Jari> or their DNS at all], and (b) it may not be the most effective
    Jari> weak authentication scheme [and it is weak until the root
    Jari> gets signed].

  These are certainly true claims. Given that people have difficulty getting
control over their reverse maps, getting the additional leap of faith to get
things signed may be asking far too much. 

    Jari> In particular, I wonder if ssh-like leap-of-faith authentication at
    Jari> the time of first contact and subsequent strong authentication
    Jari> would be a better weak authentication scheme. Not much memory
    Jari> is needed for this, just a mapping from a claimed identity to
    Jari> a hash of the public key. Additionally, this has the benefit that

  I would agree that this is another approach. 
  The SPP gateway discovery system could easily be modified to do this kind
of thing. It has the additional advantage of discovering the topologically
closest gateway. There have been comments that this won't work in the face of 
routing changes, but if there are routing changes, then one has to establish
new tunnels anyway. SPP is supposed to be sent periodically.

    Jari> There are also other possibilities for making unauthenticated
    Jari> encryption become weak encryption. How about using server
    Jari> side certificates in part, noting that many servers already have
    Jari> them due to SSL? Then the other side would be authenticated

  If they already have them due to SSL, then they are probably using HTTPS only.
  Why secure this?
 
  We are concerned about securing all packets between all peers (not just
clients and servers).

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.5.6, an Emacs/PGP interface

iQCVAwUBO4+6lYqHRg3pndX9AQGp9wQA1DbnQ7wQ6QmtcysVAETxpgtUCWkKM8vb
fe8/j18njndxUMql/LNZBc1SN41d2s2Fb4BBPrV+mtu/GPy8mKLD+XElS07Zfnvu
CEEk34+ZVhaU6cId818WhsyZXKMss0dN9PutcXAKY9+Zlo9RjTh8NEO9wlZgbEdo
cAmRw2C7bAc=
=wYnv
-----END PGP SIGNATURE-----

---

• Prev by Date: Re: inbound vs outbound?
• Next by Date: Re: [Design] Re: opportunistic encryption deployment problems
• Prev by thread: ( need more answer) inbound VS. outbound.
• Next by thread: Re: [Design] Re: opportunistic encryption deployment problems
• Index(es):
  • Main
  • Thread