[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SOI QUESTIONS: 5.1-5.2

To: ipsec@lists.tislabs.com
Subject: Re: SOI QUESTIONS: 5.1-5.2
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Fri, 12 Jul 2002 12:35:05 -0400
In-reply-to: Your message of "12 Jul 2002 09:07:55 EDT." <000f01c229a5$23a1bca0$1e72788a@ca.alcatel.com>
Sender: owner-ipsec@lists.tislabs.com

-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Andrew" == Andrew Krywaniuk <andrew.krywaniuk@alcatel.com> writes:
    >> I don't find this acceptable.
    >> 1) in order to avoid permitting users to shoot themselves
    >> in the foot, some
    >> GUI will have to *restrict* them to those ciphersuites.

    Andrew> The nice thing about GUI ciphersuites is that you could choose to implement
    Andrew> only the 2 MUST IMPLEMENT combinations and nothing else, and you would be
    Andrew> interoperable with everyone else, but other people could still implement the
    Andrew> feature however they want. (Unless the aim of ciphersuites is to cripple
    Andrew> everyone's implementation equally so that yours doesn't stand out for not
    Andrew> giving the user the choice.) Part of the purpose of GUI

  Then how do you test all the code? 

    >> 2) Given the above, how do I test all combinations?
    >> 
    >> Talk to your testing people on this.  Let them make the decision.

    Andrew> Our testers have a script for generating and negotiating every possible
    Andrew> combination of algorithms. Personally, I don't think black box testing of
    Andrew> this sort is very useful. 

  I do. Particularly when certain *combinations* are accelerated by
hardware. You have to make sure that you only use the hardware at the right
times, and in the right modes.
  I have that script as well. I think that it is excessive featurism.

    Andrew> Way back in the 80s (or perhaps even the 70s), someone invented the idea of
    Andrew> modularity. Modularity makes testing every possible combination a luxury,
    Andrew> rather than a necessity. The crypto code is first tested with known answer
    Andrew> tests. Then the packet transform code is tested with the assumption that the
    Andrew> crypto code works (perhaps using manual keying). Since the crypto is a black
    Andrew> box, what you are testing is code that allocates buffers and moves memory

  It is a nice theory. It works a lot of the time. 
  It also fails to catch interactions among different pieces of the system.

  *UNTIL* someone tries to optimize things. Or the GUI people are told my
marketing to enable to FOO,BAR,BUMBLE combination because they need it for a
demo, and none of *them* realize that this combination has never been tested.

  One might optimize because of code size (remember those PDA/phone people)
from a generic base.  

  The theory people also say that suites are a *LOT* easier to analyze.

  The hardware people like suites, because it makes their hardware simpler
and provides them a better picture of what needs to be implemented. Remember
that testing of the VHDL/Verilog has to be done TOO.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys

iQCVAwUBPS8FNoqHRg3pndX9AQGwZQQAspydOasCqMVpc+sFmrecxXXm92E1ssjJ
t684G5lU/R/rzxcUy9y/INsjN9NVI97UPuOuT/8C50zZ8IYjR73QPI2yw0gBrMgm
fllB8qDRsnfrJPukiyT6MJpw+OHqNTDHAvHqKWwhp3d96JpYC2ZKkSRLd8v0/WTM
oP5K9nRrQhc=
=0B6v
-----END PGP SIGNATURE-----

References:
- RE: SOI QUESTIONS: 5.1-5.2
  - From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

Prev by Date: Agenda Items Solicitation
Next by Date: Re: SOI QUESTION: 5.3 SPD entries
Prev by thread: RE: SOI QUESTIONS: 5.1-5.2
Next by thread: SOI QUESTION: 5.1.2 Agreement of IPsec SA cryptographic algorithms
Index(es):
- Date
- Thread