[122642] in cryptography@c2.net mail archive
Re: User interface, security, and "simplicity"
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Tue May 6 15:15:15 2008
Date: Tue, 6 May 2008 14:05:24 -0500
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: "Perry E. Metzger" <perry@piermont.com>,
Peter Gutmann <pgut001@cs.auckland.ac.nz>, cryptography@metzdowd.com
In-Reply-To: <20080506154046.6a23cf8f@yellowstone.machshav.com>
On Tue, May 06, 2008 at 03:40:46PM +0000, Steven M. Bellovin wrote:
> Experiment part two: implement remote login (or remote IMAP, or remote
> Web with per-user privileges, etc.) under similar conditions. Recall
> that being able to do this was a goal of the IPsec working group.
>
> I think that part one is doable, though possibly the existing APIs are
> incomplete. I don't think that part two is doable, and certainly not
> with high assurance. In particular, with TLS the session key can be
> negotiated between two user contexts; with IPsec/IKE, it's negotiated
> between a user and a system. (Yes, I'm oversimplifying here.)
"Connection latching" and "connection-oriented" IPsec APIs can address
this problem.
Solaris, and at least one other IPsec implementation (OpenSwan? I
forget) makes sure that all packets for any one TCP connection (or UDP
"connection") are protected (or bypassed) the same way during their
lifetime. "The same way" -> by similar SAs, that is, SAs with the same
algorithms, same peers, and various other parameters.
A WGLC is about to start in the IETF BTNS WG on an I-D that describes
this.
Nico
--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
