Re: 10 years and no ubiquitous security
In message <3C93EEA3.28833ABD@greendragon.com>, William Allen Simpson writes:
>"The Purple Streak (Hilarie Orman)" wrote:
>> Mild-mannered S. Kent is in reality SuperNoSecMan. He adds
>> the essential anti-replay counter to IPsec protocols and, ...
>> causes people to NOT adopt them?
>
>Actually, of course, Steve Kent did not add the counter. It was in
>swIPe, from the beginning. It was in my drafts, from the beginning.
>
>It was certain members of the WG who insisted we didn't need the
>counter. At least one has admitted he was wrong. Are you ever going to
>admit you were?
>
>Anyway, when we published the first set of RFCs, I carefully documented
>the need for a Replay Protection sequence number in 1995:
> "Internet Security Transform Enhancements"
>
Right. The only copy I could find was from 1996, but I don't think
that that difference is important.
(http://www.watersprings.org/pub/id/draft-simpson-ipsec-enhancement-00.txt)
The problem with it -- and the reason I had objected to sequence numbers --
is that it never justified *why* they were necessary, beyond rather
minor DoS prevention. It simply said "replay protection provides
cryptographically secure at-most-once datagram delivery." But there
was no analysis of why one would want that. The same is true of the
swIPe paper and I-D -- there was no analysis beyond saying "replay
protection".
When attacks on confidentiality were developed that exploited the lack
of replay prevention, I changed my mind and strongly supported sequence
numbers. The difference is that there was then a reason. For what
it's worth, Kent applauded the restoration of the counter -- he knew it
was necessary.
But Bill, I'm trying to understand what your point is. We can't force
people to use security. IPsec is standard in most major business
operating systems (Win2K, Solaris, *BSD, etc.) and available for
Linux. There are hardware solutions -- I have a small IPsec box with
me in Minneapolis. But except for VPN scenarios, most people choose
not to use it. I think there's a lesson there, but I fail to see how
Steve Kent or any of the other players in the history of IPsec are at
all at fault.
--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
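The anti-replay counter argued over above is enforced on the receiver by a sliding window over recent sequence numbers. The block below is an added example, not code from this thread or from any IPsec implementation, showing the window check the IPsec RFCs specify (RFC 2401, later RFC 4303); it assumes a 64-entry window (a common default) and the 32-bit ESP/AH sequence number.

```python
# IPsec-style anti-replay sliding window (the RFC 2401 / RFC 4303 scheme).
# Added example, not code from the thread. The 64-entry window is an assumption
# (a common default); sequence numbers are the 32-bit per-SA ESP/AH counter.
WINDOW_SIZE = 64
SEQ_MAX = 0xFFFFFFFF   # counter must never wrap: the SA is rekeyed before that

class AntiReplayWindow:
    """Remembers which of the most recent window_size sequence numbers arrived."""

    def __init__(self, window_size=WINDOW_SIZE):
        self.window_size = window_size
        self.last_seq = 0   # highest sequence number accepted so far
        self.bitmap = 0     # bit i set  =>  last_seq - i was already accepted

    def check(self, seq):
        """Classify seq without changing state; returns (accepted, reason)."""
        if seq == 0 or seq > SEQ_MAX:
            return False, "out of range"
        if seq > self.last_seq:
            return True, "new high water mark"
        diff = self.last_seq - seq
        if diff >= self.window_size:
            return False, "too old"        # fell behind the window
        if self.bitmap & (1 << diff):
            return False, "replay"         # duplicate of an accepted packet
        return True, "late but unseen"     # legitimate reordering

    def update(self, seq):
        """Mark seq accepted. Per the RFCs this runs only after the ICV verifies."""
        if seq > self.last_seq:
            shift = seq - self.last_seq
            mask = (1 << self.window_size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask if shift < self.window_size else 1
            self.last_seq = seq
        else:
            self.bitmap |= 1 << (self.last_seq - seq)

def rejected_packets(seqs, window_size=WINDOW_SIZE):
    """Run a sequence-number stream through one window; return the rejected ones."""
    window, rejected = AntiReplayWindow(window_size), []
    for seq in seqs:
        ok, reason = window.check(seq)
        if ok:
            window.update(seq)   # on a real SA: only after the ICV check passes
        else:
            rejected.append((seq, reason))
    return rejected
```

Feeding a constructed stream such as `rejected_packets([1, 2, 3, 5, 4, 3, 100, 30, 99, 100])` accepts the reordered 4 but rejects the replayed 3, the stale 30 (more than 64 behind the high-water mark) and the replayed 100.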