RE: Security Use Requirements

To: <Black_David@emc.com>, <ips@ece.cmu.edu>
Subject: RE: Security Use Requirements
From: "Bernard Aboba" <aboba@internaut.com>
Date: Mon, 5 Feb 2001 15:26:13 -0800
Cc: "RJ Atkinson" <rja@inet.org>, "Smb@Research. Att. Com" <smb@research.att.com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;charset="iso-8859-1"
Importance: Normal
In-Reply-To: <0F31E5C394DAD311B60C00E029101A07041014E4@corpmx9.isus.emc.com>
Sender: owner-ips@ece.cmu.edu

It is hard for me to see how you could
get away with no security services at all 
(e.g. no per-packet authentication and integrity 
protection for iSCSI PDUs). 

After all, we're talking about facilities
that are used by the world's major financial
institutions. If this data isn't worth protecting,
I don't know what is. Do you really want
attackers to be able to manipulate the contents
of bank accounts at will over the Internet?

Furthermore, there really isn't a sound technical
argument for dispensing with security. There are
chipsets available that can provide IPSEC 
integrity and authentication services at 
speeds of 1 Gbps or higher. 



-----Original Message-----
From: owner-ips@ece.cmu.edu [mailto:owner-ips@ece.cmu.edu]On Behalf Of
Black_David@emc.com
Sent: Monday, February 05, 2001 12:54 PM
To: ips@ece.cmu.edu
Subject: Security Use Requirements


In Orlando, I picked up an action item to determine what
the requirements are for *use* of security features,
as opposed to requirements for *implementation*.  I
believe the answer to be that it is acceptable to
specify security measures weaker than those one would
want to use in full generality on a public network,
where "weaker" includes no security.

There are two important caveats that apply:
- Security of the negotiation mechanism becomes
	very important when this is done, as there's
	an obvious man-in-the-middle attack on the
	negotiation mechanism to get the endpoints
	to negotiate weaker security than they intended.
- The weaker security mechanisms need to be documented
	in terms of their security properties (and lack
	thereof), as well as environments in which they
	are appropriate.  The "Security Considerations"
	section of RFC 2338 (VRRP) has been recommended
	as a good example of this.

--David
---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA  01748
+1 (508) 435-1000 x75140     FAX: +1 (508) 497-8500
black_david@emc.com       Mobile: +1 (978) 394-7754
---------------------------------------------------

References:
- Security Use Requirements
  - From: Black_David@emc.com

Prev by Date: RE: iSCSI Data Integrity - Digests
Next by Date: RE: iSCSI Data Integrity - Digests
Prev by thread: Security Use Requirements
Next by thread: RE: Security Use Requirements
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:05:35 2001
6315 messages in chronological order