Re: How IKE is sometimes (mis-)used in the real world.
Henry Spencer wrote:
>
> When I started working with the FreeS/WAN project, upper management made a
> big point that there should (ideally) be *no way* to misconfigure the
> software to give a false appearance of security: communications should
> fail, or be obviously insecure, or be truly and thoroughly secure. The
> more I worked with the project, and dealt with real-user problems, the
> more strongly I agreed with this.
>
> Yes, misconfiguration is "pilot error"... but many cases of pilot error
> are really due, at least in part, to error-prone interfaces which make it
> too easy for tired, stressed people to make lethal mistakes. Engineering
> the failure modes out is much more effective than exhorting people to make
> fewer mistakes.
>
I don't think that what Thor is talking about in the second case--the
use of XAUTH and "group keys"--is a "misconfiguration" in the
conventional sense. Large organizations have deployed that particular
mistake with nearly-full understanding of the truly-horrible security
implications.

Yes, software needs to make it difficult to do truly stupid things, and
the various horrible "group shared key" abominations in various
XAUTH variants count as the *software* being insufficiently clueful.
But in the end, humans can hang themselves with quite small ropes...
--
----------------------------------------------------------------------
Marcus Leech                          Mail:  Dept 8M70, MS 012, FITZ
Advisor                               Phone: (ESN) 393-9145  +1 613 763 9145
Security Architecture and Planning    Fax:   (ESN) 393-2754  +1 613 763 2754
Nortel Networks                       mleech@nortelnetworks.com
-----------------Expressed opinions are my own, not my employer's------
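The "group shared key" problem the message refers to can be shown with the
IKEv1 phase 1 formulas themselves. The following Python is an added
illustration written for this page, not code from the thread, from
FreeS/WAN, or from any XAUTH implementation. It uses the pre-shared-key
authentication formulas of RFC 2409 (SKEYID = prf(PSK, Ni_b | Nr_b) and
HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)) with
HMAC-SHA1 assumed as the prf, over a constructed aggressive-mode exchange in
which the Diffie-Hellman public values are fixed placeholder bytes rather than
real group elements. The point it demonstrates: when every user and the
gateway hold the same key, any user can compute the gateway's HASH_R, so the
client's phase 1 check cannot tell the real gateway from another group
member; with a per-peer key the same forgery fails.

```python
import hashlib
import hmac
from dataclasses import dataclass


def prf(key: bytes, data: bytes) -> bytes:
    """RFC 2409 'prf': keyed hash of the negotiated hash algorithm.
    HMAC-SHA1 is assumed for this example."""
    return hmac.new(key, data, hashlib.sha1).digest()


@dataclass(frozen=True)
class Phase1Exchange:
    """Values visible on the wire in an aggressive-mode phase 1 exchange.
    All fields are constructed sample data; gxi and gxr stand in for the
    Diffie-Hellman public values and are not real group elements."""
    cky_i: bytes    # initiator cookie (CKY-I)
    cky_r: bytes    # responder cookie (CKY-R)
    ni: bytes       # initiator nonce body (Ni_b)
    nr: bytes       # responder nonce body (Nr_b)
    gxi: bytes      # initiator DH public value (g^xi)
    gxr: bytes      # responder DH public value (g^xr)
    sai_b: bytes    # body of the initiator's SA payload (SAi_b)
    idir_b: bytes   # body of the responder's ID payload (IDir_b)


def skeyid_psk(psk: bytes, ex: Phase1Exchange) -> bytes:
    """RFC 2409 section 5.4: SKEYID = prf(pre-shared-key, Ni_b | Nr_b)."""
    return prf(psk, ex.ni + ex.nr)


def hash_r(psk: bytes, ex: Phase1Exchange) -> bytes:
    """RFC 2409 section 5:
    HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b).
    This is the responder's proof of knowing the pre-shared key."""
    skeyid = skeyid_psk(psk, ex)
    return prf(skeyid, ex.gxr + ex.gxi + ex.cky_r + ex.cky_i + ex.sai_b + ex.idir_b)


def initiator_accepts(client_psk: bytes, ex: Phase1Exchange, received_hash_r: bytes) -> bool:
    """The client recomputes HASH_R with the key it holds and compares."""
    return hmac.compare_digest(hash_r(client_psk, ex), received_hash_r)


# Constructed sample exchange with fixed bytes so results are reproducible.
SAMPLE = Phase1Exchange(
    cky_i=bytes.fromhex("0102030405060708"),
    cky_r=bytes.fromhex("1112131415161718"),
    ni=b"initiator-nonce-16",
    nr=b"responder-nonce-16",
    gxi=b"\x02" * 32,                       # placeholder, not a real g^xi
    gxr=b"\x05" * 32,                       # placeholder, not a real g^xr
    sai_b=b"\x00\x00\x00\x01" + b"proposal",
    idir_b=b"vpn-gateway.example",
)


def rogue_responder_passes(client_psk: bytes, rogue_psk: bytes,
                           ex: Phase1Exchange = SAMPLE) -> bool:
    """Can a responder holding rogue_psk produce a HASH_R the client accepts?
    The rogue needs only the exchange values it already sees plus its key."""
    return initiator_accepts(client_psk, ex, hash_r(rogue_psk, ex))


# Deployment 1: one group key held by the gateway and every user (constructed).
GROUP_PSK = b"constructed-group-secret"
# Deployment 2: a distinct key per peer (constructed).
ALICE_PSK = b"constructed-alice-only-secret"      # Alice and the gateway
BOB_PSK = b"constructed-bob-only-secret"          # Bob and the gateway


def group_key_insider_impersonates_gateway() -> bool:
    """Bob, an ordinary group member, answers Alice's phase 1 as the gateway."""
    return rogue_responder_passes(client_psk=GROUP_PSK, rogue_psk=GROUP_PSK)


def per_peer_key_insider_impersonates_gateway() -> bool:
    """The same attempt when Alice and Bob hold different keys."""
    return rogue_responder_passes(client_psk=ALICE_PSK, rogue_psk=BOB_PSK)


if __name__ == "__main__":
    print("group key, insider accepted as gateway:",
          group_key_insider_impersonates_gateway())
    print("per-peer key, insider accepted as gateway:",
          per_peer_key_insider_impersonates_gateway())
```

Two consequences follow directly from the computation above. First, the XAUTH
exchange runs only after phase 1 completes, so a client that cannot
distinguish the gateway from another group member will run XAUTH with
whichever key holder answered. Second, in aggressive mode HASH_R is sent
before any encryption is in place, so the same `hash_r` computation is what
an eavesdropper uses to test candidate pre-shared keys offline; a group key
that is weak, or widely distributed, is exposed on both counts.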