Greg Broiles wrote:
>
> > [MODERATOR's NOTE: I'm sorry, but I find this totally wrongheaded. A
> > 3DES Ethernet card need not be "trusted" -- if the thing interoperates
> > with other IPSec implementations, it's correct, pure and
> > simple. Indeed, the slightest flaw and it would not
> > interoperate. Perhaps they could rig it to leak too much in the RF
> > spectrum, but they could do that with the rest of the chipset, too,
> > and you are using *that*.
>
> Which part of the IPSec standard would prevent the card from selecting
> key material from a restricted (and known) set of the keyspace, or from
> leaking information through a covert channel (which might include parts
> of other network packets, or timing of packets)?
>
It's not the IPsec standard that would prevent the card from selecting
key material, it's the OS API. The Windows 2000 offload spec (which
Intel says they support) runs the IKE as an (OS) application, and hands
the keys to the card/chip. I suppose that if a hardware RNG used by IKE
were compromised, though, then influencing half of the DH exponent would
be possible...
Can't argue with the notion of a covert channel, either. I guess if
you're in a position to be that paranoid, you'd better design your own
hardware, and stay away from commercial operating systems for which you
don't possess the source code.
Scott