
Re: Transport Layer Security (Was: Re: "Cypherpunks Write Code" as a Putdown)

By the way, I'm very disappointed that this sort of topic doesn't come
up here more often. I perceive that it may be because lots of people
on this list are cyphergroupies and not actually tuned in to the
technical issues of securing everyday communication.

Futplex writes:
> Could someone say a bit more about the perceived difficulties associated
> with secure network routing protocols?  TIA.

> I am not at all optimistic about defeating DoS attacks....

The people building the new routing protocols (BGP, OSPF, etc.) have
included cryptographic security provisions in them that will work
regardless of whether IPSEC is available. Some of these have to be
hand configured but that's not actually a problem since peering in many
of these systems has to be hand configured in the first place. I had a
long talk with the Area Director for routing and such in the bar at
the last IETF meeting and he gave me the impression the routing people
are acutely aware of the problem and hope to assure that it disappears
with time.

Given cryptographic security on the routing packets, denial of service
attacks directed against routing become hard. Photuris has built-in
protection against denial of service against it, by the way.

With luck, we will be down to dealing with very crude denial of
service attacks like packet flooding and hopefully we can come up with
reasonable mechanisms to stop them in the ordinary case.


PS Again, I strongly encourage people to get involved in the efforts
to secure the internet with IPSEC, MOSS and similar things. WE NEED YOU!