[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last ditch proposal for crypto suites

To: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Subject: Re: Last ditch proposal for crypto suites
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Thu, 29 Aug 2002 13:24:19 -0400
Cc: Charlie_Kaufman@notesdev.ibm.com, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

In message <p05111a0eb993fe9b9f62@[165.227.249.18]>, Paul Hoffman / VPNC writes
:
>At 11:44 AM -0400 8/29/02, Steven M. Bellovin wrote:
>>You know my opinion -- scrap a la carte.  But let me ask the question
>>differently:  Paul Hoffman, in your interoperability tests do you see
>>many different combinations actually used?  Or don't your tests go
>>there?
>
>We see a huge amount of variation. Of the systems that have GUIs, I have seen
>- default of DES and MD5
>- default of DES and SHA-1
>- default of TripleDES and SHA-1
>- no options: always does TripleDES and SHA-1
>and probably some others I have forgotten.
>
>Note that some of these systems have GUIs that only allow single 
>choices for the administrator, but send out multiple proposals anyway 
>("in order to increase interoperability", I am told).
>
>Almost every system allows different settings for Phase 1 and Phase 
>2, and on the ones I tinkered with, none warned if you used DES in 
>Phase 1 and TripleDES in Phase 2.
>
>Based on this and the agony I hear from users, I'm a strong proponent 
>of suites.

If I understand you correctly, you're saying that implementors and/or 
administrators are making different choices on what combinations to 
offer, thus hurting interoperability?  That suggests that even if we 
stick with a la carte, we should specify which combinations MUST be 
offered, from among the standard algorithms (subject to administrator 
security override, of course).

Aside -- and donning my AD hat for a moment -- I've become increasing 
concerned about interoperability.  We need to ensure that our 
standards, as well as being technical correct and secure, specify 
a minimum set of mandatory-to-implement mechanisms that will always be 
there.  Specs that say "you can solve this problem by doing (a) or (b)" 
are not acceptable, since different vendors will make different choices.
Empirically, we didn't get this right in IPsec.  Let's fix that now -- 
and precisely how we fix it, with suites or with better specification 
of how a la carte choices should be assembled, is less important from 
that perspective.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)

Follow-Ups:
- Re: Last ditch proposal for crypto suites
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
- Re: Last ditch proposal for crypto suites
  - From: Mouse <uri@optonline.net>
- Re: Last ditch proposal for crypto suites
  - From: Charlie_Kaufman@notesdev.ibm.com

Prev by Date: Re: Last ditch proposal for crypto suites
Next by Date: RE: Last ditch proposal for crypto suites
Prev by thread: Re: Last ditch proposal for crypto suites
Next by thread: Re: Last ditch proposal for crypto suites
Index(es):
- Date
- Thread