[16138] in cryptography@c2.net mail archive
Re: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd from hal@finney.org) (fwd from touch@ISI.EDU)
daemon@ATHENA.MIT.EDU (Eugen Leitl)
Sat Sep 11 12:52:47 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 10 Sep 2004 18:20:28 +0200
From: Eugen Leitl <eugen@leitl.org>
To: Cryptography List <cryptography@metzdowd.com>
--f2HZcOtcMk6bzglx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
From: Joe Touch <touch@ISI.EDU>
Subject: Re: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd fr=
To: "Discussions of anonymous Internet security." <anonsec@postel.org>
Date: Fri, 10 Sep 2004 09:03:50 -0700
Reply-To: "Discussions of anonymous Internet security." <anonsec@postel.org>
Clarifications below...
Eugen Leitl wrote:
>----- Forwarded message from "\"Hal Finney\"" <hal@finney.org> -----
>
>From: hal@finney.org ("Hal Finney")
>Date: Thu, 9 Sep 2004 12:57:29 -0700 (PDT)
>To: cryptography@metzdowd.com, cypherpunks@al-qaeda.net,
> rah@shipwright.com
>Subject: Re: potential new IETF WG on anonymous IPSec
>
>
>>The IETF has been discussing setting up a working group
>>for anonymous IPSec. They will have a BOF at the next IETF
>>in DC in November. They're also setting up a mailing list you
>>might be interested in if you haven't heard about it already.
>>...
>> http://www.postel.org/anonsec
>
>
>To clarify, this is not really "anonymous" in the usual sense.=20
It does not authenticate the endpoint's identification, other than "same=20
place I had been talking to."
There's no difference between having no "name" and having a name you=20
cannot trust. I.e., I could travel under the name "anonymous" or "", or=20
under the name "A. Smith". If you don't know whether I am actually A.=20
Smith, the latter is identical to the former.
>Rather it
>is a proposal to an extension to IPsec to allow for unauthenticated
>connections.
Correction: it is a proposal to extend Internet security - including=20
Ipsec, but also including TCP-MD5 (sometimes called "BGP MD5") and other=20
security mechanisms at various layers. It is not focused only on IPsec.
>Presently IPsec relies on either pre-shared secrets or a
>trusted third party CA to authenticate the connection. The new proposal
>would let connections go forward using a straight Diffie-Hellman type
>exchange without authentication.
This is one option, but not the only one.
>It also proposes less authentication
>of IP message packets, covering smaller subsets, as an option.
There are two aspects:
- smaller portion of the packet is hashed
- none of the packet is hashed, but a cookie is used
>The point has nothing to do with anonymity;
The last one, agreed. But the primary assumption is that we can avoid a=20
lot of infrastructure and impediment to deployment by treating an=20
ongoing conversation as a reason to trust an endpoint, rather than a=20
third-party identification. Although anonymous access is not the primary=20
goal, it is a feature of the solution.
>rather it is an attempt
>to secure against weaknesses in TCP which have begun to be exploited.
Please review the draft; there are a number of reasons this is being=20
considered, not the least of which is to reduce the cumbersome=20
requirement of key infrastructure as well as to avoid performance penalties.
>Sequence number guessing attacks are more successful today because of
>increasing bandwidth, and there have been several instances where they
>have caused disruption on the net. While workarounds are in place, a
>better solution is desirable.
Please be more specific; how would it be better?
>This new effort is Joe Touch's proposal to weaken IPsec so that it uses
>less resources and is easier to deploy. He calls the weaker version
>AnonSec. But it is not anonymous, all the parties know the addresses
>of their counterparts.
Address !=3D identity. Agreed, if what you want to do is hide traffic,=20
this does not provide traffic confidentiality. But it does not tell you=20
whether the packets come from 128.9.x.x (ISI, e.g.) or from someone=20
spoofing 128.9.x.x; all you know is that whoever is using that address=20
is capable of having an ongoing conversation (TCP connection, e.g.) with=20
you.
I.e., there are two ways to be anonymous, as noted earlier:
1) don't give out your name (A. Smith, e.g.)
2) give out a name, but it doesn't necessarily mean anything
(e.g., Mickey Mouse)
Even if you use "real" names in (2), there's no difference with (1),=20
since you don't know whether the real Mickey Mouse is using it.
>Rather, it allows for a degree of security on
>connections between communicators who don't share any secrets or CAs.
>I don't think "anonymous" is the right word for this, and I hope the
>IETF comes up with a better one as they go forward.
>
>Hal Finney
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
>
>----- End forwarded message -----
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
_______________________________________________
----------
--=20
Eugen* Leitl <a href=3D"http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
--f2HZcOtcMk6bzglx
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iD8DBQFBQdRMdbAkQ4sp9r4RApBPAKCFdOanyfbn7unakWW8AtnPx+SdJACeO2Wb
dKb7Hjc38AsChOBIvk0e0HY=
=d3H8
-----END PGP SIGNATURE-----
--f2HZcOtcMk6bzglx--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
