
Re: 10 years and no ubiquitous security



In message <3C93EEA3.28833ABD@greendragon.com>, William Allen Simpson writes:
>"The Purple Streak (Hilarie Orman)" wrote:
>> Mild-mannered S. Kent is in reality SuperNoSecMan.  He adds
>> the essential anti-replay counter to IPsec protocols and, ...
>> causes people to NOT adopt them? 
>
>Actually, of course, Steve Kent did not add the counter.  It was in 
>swIPe, from the beginning.  It was in my drafts, from the beginning.
>
>It was certain members of the WG who insisted we didn't need the 
>counter.  At least one has admitted he was wrong.  Are you ever going to 
>admit you were?
>
>Anyway, when we published the first set of RFCs, I carefully documented 
>the need for a Replay Protection sequence number in 1995:
>  "Internet Security Transform Enhancements"
>

Right.  The only copy I could find was from 1996, but I don't think 
that that difference is important.  
(http://www.watersprings.org/pub/id/draft-simpson-ipsec-enhancement-00.txt)
The problem with it -- and the reason I had objected to sequence numbers -- 
is that it never justified *why* they were necessary, beyond rather 
minor DoS prevention.  It simply said "replay protection provides
cryptographically secure at-most-once datagram delivery."  But there 
was no analysis of why one would want that.  The same is true of the 
swIPe paper and I-D -- there was no analysis beyond saying "replay 
protection".

When attacks on confidentiality were developed that exploited the lack 
of replay prevention, I changed my mind and strongly supported sequence 
numbers.  The difference is that there was then a reason.  For what 
it's worth, Kent applauded the restoration of the counter -- he knew it 
was necessary.

But Bill, I'm trying to understand what your point is.  We can't force 
people to use security.  IPsec is standard in most major business 
operating systems (Win2K, Solaris, *BSD, etc.) and available for 
Linux.  There are hardware solutions -- I have a small IPsec box with 
me in Minneapolis.  But except for VPN scenarios, most people choose 
not to use it.  I think there's a lesson there, but I fail to see how 
Steve Kent or any of the other players in the history of IPsec are at 
all at fault.

		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com
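The replay-protection counter the thread argues about is, on the receiving side, a sliding window over authenticated sequence numbers. The following is an added example, not code from this message or from any IPsec implementation: it models the per-SA anti-replay window of RFC 2401 / RFC 4303 (Appendix A), using a 64-bit window, constructed packet sequences and verdict strings that are this example's own choices. It shows the "at-most-once" property the 1995/1996 draft promised, plus the ordering a practitioner has to get right: pre-check the sequence number, verify the ICV, and only then advance the window.

```python
# Added example, not code from the e-mail or from any IPsec implementation:
# the anti-replay sliding window an IPsec receiver keeps per security
# association (the scheme of RFC 2401 / RFC 4303, Appendix A).  Window size,
# packet sequences and the verdict strings below are this example's own.

WINDOW = 64  # RFC 4303 mandates a window of at least 32; 64 is the usual default


class AntiReplayWindow:
    """Receiver-side replay state for one security association (SA)."""

    def __init__(self, window: int = WINDOW) -> None:
        if window < 32:
            raise ValueError("window must be at least 32 (RFC 4303 section 3.4.3)")
        self.window = window
        self.mask = (1 << window) - 1
        self.highest = 0   # highest sequence number accepted so far; 0 means none yet
        self.bitmap = 0    # bit i set  <=>  sequence number (highest - i) was accepted

    def classify(self, seq: int) -> str:
        """Verdict for seq before the ICV has been checked (no state change)."""
        if seq == 0:
            return "invalid"        # first packet on an SA carries seq 1; 0 never appears
        if seq > self.highest:
            return "new"            # right of the window: would become the new high mark
        diff = self.highest - seq
        if diff >= self.window:
            return "too-old"        # left of the window: cannot prove it is not a replay
        if (self.bitmap >> diff) & 1:
            return "replay"         # inside the window and already accepted once
        return "in-window"          # inside the window, not yet seen (reordered packet)

    def mark(self, seq: int) -> None:
        """Record seq as accepted.  Call only after the ICV verified."""
        if seq > self.highest:
            shift = seq - self.highest
            # Slide the window right; whatever falls off the left edge is forgotten.
            self.bitmap = ((self.bitmap << shift) | 1) & self.mask if shift < self.window else 1
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def receive(self, seq: int, icv_ok: bool) -> str:
        """Full receive path: replay pre-check, then ICV check, then window update."""
        verdict = self.classify(seq)
        if verdict in ("invalid", "too-old", "replay"):
            return verdict
        if not icv_ok:
            # A forged packet must never move the window; otherwise an attacker
            # could push `highest` far ahead and get every genuine packet dropped
            # as too old, turning the anti-replay check itself into a DoS lever.
            return "bad-icv"
        self.mark(seq)
        return "accept"


def run_demo() -> list:
    """Feed a constructed packet stream through one SA and return the verdicts."""
    # (sequence number, ICV verified?) -- constructed sample, not captured traffic.
    packets = [(1, True), (2, True), (3, True), (2, True), (5, True), (4, True),
               (4, True), (100, True), (40, True), (36, True), (37, True),
               (10_000, False), (101, True)]
    w = AntiReplayWindow()
    return [(seq, w.receive(seq, ok)) for seq, ok in packets]


if __name__ == "__main__":
    for seq, verdict in run_demo():
        print(f"seq {seq:>5}: {verdict}")
```

In the demo, the replayed 2 and 4 are dropped, the reordered 4 and the late 40 and 37 are accepted because they fall inside the window and have not been seen, 36 is rejected only because it is exactly one slot past the window edge, and the forged 10000 with a bad ICV leaves `highest` at 100 so the genuine 101 still gets through. None of this is meaningful unless the sequence number is inside the integrity-protected region; with an unauthenticated counter an attacker simply rewrites it. Sequence numbers are also never allowed to wrap: a 32-bit counter about to roll over (or a 64-bit ESN in RFC 4303) means the SA has to be rekeyed.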