Re: "encrypt tcp connections" hacks



   From: "Perry E. Metzger" <[email protected]>

   Eric Hughes says:
   > Perry advocates IPSP as an almost-panacea for Internet security.  I
   > disagree.

   Well, no; it doesn't fix things like mail for which the data needs to
   be protected but not the link. 
   
In the case of email, there's the same discrepancy I pointed out
earlier -- the machine or filesystem boundary is not the same as the
trust boundary.  This will happen for email as well as more live and
online communications needs.

   TIA is sort of a short term hack people are using to get around having
   to have their administrators manage SLIP or PPP properly; I suspect
   this difficulty will vanish with time.

I agree with you that this particular example may be short lived, but
you appear to have ignored the more fundamental point I was making.
Namely, the existence of communications proxies which _change_ the
level of abstraction will be with us forever.  The TIA unix end
switches from TCP-to-the-world to IP-to-the-PC.  That's a level
switch.

   IP is ultimately designed to be a proxy protocol that will work over
   anything -- stuff like TIA simply gets around temporary mental
   difficulties among providers in seeing things that way...

I'm not saying that IP proxies won't exist.  What I am saying is that
other forms of proxying will also exist.  Not all policies will be
able to be enforced at the IP level.  As soon as you want security
policy to apply to non-IP abstractions, IPSP is no longer primary,
even if it's still involved.

Firewall policies are a prime example of security policy enforced at
the TCP and UDP levels, with access control by port number.  External
firewalls, a class that includes packet laundries, web proxies, and
IRC anonymizers, will not for the most part operate at the IP level.

It's certain that IP security will greatly increase the overall
security of the Internet.  I'm not advocating its removal but rather
the acknowledgement that higher (and lower) level abstractions will
require their own cryptography.

Eric
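As an added illustration of the point about firewall policy living at the TCP and UDP levels rather than the IP level (this is example code written for this archive page, not Eric's or Perry's, and every packet in it is constructed inline, not captured): a minimal port-based packet filter that parses an IPv4 header and the port numbers behind it. It also shows what happens when the transport header travels inside an encrypted IP-level envelope. IPsec ESP, IP protocol number 50, is used here as the assumed on-the-wire shape of an IPSP-style protocol; a rule written in terms of ports then has nothing to match, and the policy silently falls through to its default unless some rule at the IP level addresses ESP itself. The rule format, the packet builders and the two policies are all hypothetical.

```python
import ipaddress
import struct

# IP protocol numbers (assigned values; ESP is the IPsec encrypting encapsulation).
IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPPROTO_ESP = 50


def build_packet(proto, src, dst, transport):
    """Constructed IPv4 datagram (no options, checksum left zero) around `transport`."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(transport), 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + transport


def tcp_header(sport, dport):
    """Constructed 20-byte TCP header: ports, data offset 5, SYN flag, rest zero."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)


def parse_packet(raw):
    """Extract what a port-based filter needs: addresses, protocol, ports (None if unseen)."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    pkt = {"src": str(ipaddress.IPv4Address(src)),
           "dst": str(ipaddress.IPv4Address(dst)),
           "proto": proto, "sport": None, "dport": None}
    # Ports exist only for TCP/UDP, and only if the transport header is in the clear.
    if proto in (IPPROTO_TCP, IPPROTO_UDP) and len(raw) >= ihl + 4:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", raw[ihl:ihl + 4])
    return pkt


def evaluate(pkt, rules, default="deny"):
    """
    First-match evaluation of hypothetical rules (action, proto, dport); None is a wildcard.
    Returns (verdict, skipped): `skipped` counts rules that needed a port the packet
    does not expose, i.e. policy that could not be evaluated at all for this packet.
    """
    skipped = 0
    for action, proto, dport in rules:
        if proto is not None and pkt["proto"] != proto:
            continue
        if dport is not None:
            if pkt["dport"] is None:
                skipped += 1      # port rule has nothing to look at (e.g. ESP payload)
                continue
            if pkt["dport"] != dport:
                continue
        return action, skipped
    return default, skipped


# Policy written purely in TCP/UDP terms: block telnet, allow the rest.
PORT_POLICY = [("deny", None, 23), ("allow", None, None)]

# Same policy plus an IP-level rule for traffic whose ports the firewall cannot see.
HARDENED_POLICY = [("deny", IPPROTO_ESP, None)] + PORT_POLICY


def sample_packets():
    """Constructed sample traffic from an inside host to an outside server."""
    esp_body = b"\x00\x00\x01\x00" + b"\x00\x00\x00\x01" + bytes(range(32))  # SPI, seq, opaque ciphertext
    return {
        "telnet": build_packet(IPPROTO_TCP, "10.0.0.5", "192.0.2.10", tcp_header(40000, 23)),
        "smtp": build_packet(IPPROTO_TCP, "10.0.0.5", "192.0.2.10", tcp_header(40001, 25)),
        "esp": build_packet(IPPROTO_ESP, "10.0.0.5", "192.0.2.10", esp_body),
    }


def verdicts(policy):
    """Run every sample packet through `policy`; returns {name: (verdict, skipped)}."""
    return {name: evaluate(parse_packet(raw), policy) for name, raw in sample_packets().items()}


if __name__ == "__main__":
    for label, policy in (("port-only policy", PORT_POLICY), ("hardened policy", HARDENED_POLICY)):
        print(label, verdicts(policy))
```

Under the port-only policy the ESP packet is allowed with one rule skipped: the telnet ban never applied, because the TCP header it would inspect is inside the ciphertext. The hardened policy restores control only by adding a rule at the IP level, which is exactly the sense in which port-level policy and IP-level security are different layers that each need their own treatment.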