
    RE: Security Use Requirements



    David,
    
    > There's no such thing as a perfect security mechanism that is secure from
    > all attacks for all time.  The reason for using off-the-shelf mechanisms
    > like IPSec and TLS is that peer review in the security community has
    > eliminated not only all of the obvious problems, but also all of the
    > non-obvious ones that have turned up.  Asking for a mechanism that is
    > guaranteed to be immune from all possible attacks is a veiled argument
    > for no security, and is hence nonsense.
    >
    > Assuming that keys that are supposed to remain secret do remain secret,
    > TLS and IPSec are safe from all of the obvious man-in-the-middle attacks
    > *when properly configured* and are likewise safe from the obvious
    > spoofing attacks provided that the key distribution mechanism used
    > works correctly (which can be a tall assumption).  In some cases,
    > other components also need to be secured, for example, if DNS
    > names are used as identities, DNS may have to be secured via
    > something like DNSSEC depending on how DNS is used.
    
    My comment was not a veiled argument for no security but rather an open
    question.  I would wish to argue for only mandating authentication and
    integrity and make privacy an option.  If to follow NFS and use of GSS-API
    (http://www.ietf.org/rfc/rfc1961.txt) as mentioned by David Robinson, with
    recommend (Kerberos V5) (http://web.mit.edu/kerberos/www/) and Internet size
    security (Lipkey) (http://www.ietf.org/rfc/rfc2847.txt) for authentication
    and integrity where perhaps just the dynamic portion of the PDU headers are
    encrypted as a type of checksum.  Privacy seems like an expensive
    proposition to make mandatory for the entire data payload.
    
    System as well as security management is an expensive subject.  The use of
    the SCSI device to indicate authorization implies an undefined interface to
    this device.  Should this WG also consider a specification for informing the
    SCSI device of the system or user authorization?  Should such information be
    considered an aspect of security related to IPS?
    
    Doug
    
    
    
    



Last updated: Tue Sep 04 01:05:33 2001