RE: Security Use Requirements

To: <Black_David@emc.com>, <sob@harvard.edu>, <ips@ece.cmu.edu>
Subject: RE: Security Use Requirements
From: "Douglas Otis" <dotis@sanlight.net>
Date: Wed, 7 Feb 2001 17:18:04 -0800
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;charset="iso-8859-1"
Importance: Normal
In-Reply-To: <0F31E5C394DAD311B60C00E029101A07041014F7@corpmx9.isus.emc.com>
Sender: owner-ips@ece.cmu.edu

David,

> There's no such thing as a perfect security mechanism that is secure from
> all attacks for all time.  The reason for using off-the-shelf mechanisms
> like IPSec and TLS is that peer review in the security community has
> eliminated not only all of the obvious problems, but also all of the
> non-obvious ones that have turned up.  Asking for a mechanism that is
> guaranteed to be immune from all possible attacks is a veiled argument
> for no security, and is hence nonsense.
>
> Assuming that keys that are supposed to remain secret do remain secret,
> TLS and IPSec are safe from all of the obvious man-in-the-middle attacks
> *when properly configured* and are likewise safe from the obvious
> spoofing attacks provided that the key distribution mechanism used
> works correctly (which can be a tall assumption).  In some cases,
> other components also need to be secured, for example, if DNS
> names are used as identities, DNS may have to be secured via
> something like DNSSEC depending on how DNS is used.

My comment was not a veiled argument for no security but rather an open
question.  I would wish to argue for only mandating authentication and
integrity and make privacy an option.  If to follow NFS and use of GSS-API
(http://www.ietf.org/rfc/rfc1961.txt) as mentioned by David Robinson, with
recommend (Kerberos V5) (http://web.mit.edu/kerberos/www/) and Internet size
security (Lipkey) (http://www.ietf.org/rfc/rfc2847.txt for authentication
and integrity where perhaps just the dynamic portion of the PDU headers are
encrypted as a type of checksum.  Privacy seems like an expensive
proposition to make mandatory for the entire data payload.

System as well as security management is an expensive subject.  The use of
the SCSI device to indicate authorization implies an undefined interface to
this device.  Should this WG also consider a specification for informing the
SCSI device the system or user authorization.  Should such information be
considered an aspect of security related to IPS?

Doug

Follow-Ups:
- RE: Security Use Requirements
  - From: Michael Eisler <mre@zambeel.com>

References:
- RE: Security Use Requirements
  - From: Black_David@emc.com

Prev by Date: RE: Security Use Requirements
Next by Date: RE: Security Use Requirements
Prev by thread: RE: Security Use Requirements
Next by thread: RE: Security Use Requirements
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:05:33 2001
6315 messages in chronological order