--- begin forwarded text
Delivered-To: [EMAIL PROTECTED]
Date: Fri, 10 Sep 2004 18:20:28 +0200
From: Eugen Leitl [EMAIL PROTECTED]
To: Cryptography List [EMAIL PROTECTED]
Subject: Re: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd
from [EMAIL PROTECTED]) (fwd from [EMAIL PROTECTED])
User-Agent: Mutt/1.4i
Sender: [EMAIL PROTECTED]
From: Joe Touch [EMAIL PROTECTED]
Subject: Re: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd
frTo: Discussions of anonymous Internet security. [EMAIL PROTECTED]
Date: Fri, 10 Sep 2004 09:03:50 -0700
Reply-To: Discussions of anonymous Internet security. [EMAIL PROTECTED]
Clarifications below...
Eugen Leitl wrote:
- Forwarded message from \Hal Finney\ [EMAIL PROTECTED] -
From: [EMAIL PROTECTED] (Hal Finney)
Date: Thu, 9 Sep 2004 12:57:29 -0700 (PDT)
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: Re: potential new IETF WG on anonymous IPSec
The IETF has been discussing setting up a working group
for anonymous IPSec. They will have a BOF at the next IETF
in DC in November. They're also setting up a mailing list you
might be interested in if you haven't heard about it already.
...
http://www.postel.org/anonsec
To clarify, this is not really anonymous in the usual sense.
It does not authenticate the endpoint's identification, other than same
place I had been talking to.
There's no difference between having no name and having a name you
cannot trust. I.e., I could travel under the name anonymous or , or
under the name A. Smith. If you don't know whether I am actually A.
Smith, the latter is identical to the former.
Rather it
is a proposal to an extension to IPsec to allow for unauthenticated
connections.
Correction: it is a proposal to extend Internet security - including
Ipsec, but also including TCP-MD5 (sometimes called BGP MD5) and other
security mechanisms at various layers. It is not focused only on IPsec.
Presently IPsec relies on either pre-shared secrets or a
trusted third party CA to authenticate the connection. The new proposal
would let connections go forward using a straight Diffie-Hellman type
exchange without authentication.
This is one option, but not the only one.
It also proposes less authentication
of IP message packets, covering smaller subsets, as an option.
There are two aspects:
- smaller portion of the packet is hashed
- none of the packet is hashed, but a cookie is used
The point has nothing to do with anonymity;
The last one, agreed. But the primary assumption is that we can avoid a
lot of infrastructure and impediment to deployment by treating an
ongoing conversation as a reason to trust an endpoint, rather than a
third-party identification. Although anonymous access is not the primary
goal, it is a feature of the solution.
rather it is an attempt
to secure against weaknesses in TCP which have begun to be exploited.
Please review the draft; there are a number of reasons this is being
considered, not the least of which is to reduce the cumbersome
requirement of key infrastructure as well as to avoid performance penalties.
Sequence number guessing attacks are more successful today because of
increasing bandwidth, and there have been several instances where they
have caused disruption on the net. While workarounds are in place, a
better solution is desirable.
Please be more specific; how would it be better?
This new effort is Joe Touch's proposal to weaken IPsec so that it uses
less resources and is easier to deploy. He calls the weaker version
AnonSec. But it is not anonymous, all the parties know the addresses
of their counterparts.
Address != identity. Agreed, if what you want to do is hide traffic,
this does not provide traffic confidentiality. But it does not tell you
whether the packets come from 128.9.x.x (ISI, e.g.) or from someone
spoofing 128.9.x.x; all you know is that whoever is using that address
is capable of having an ongoing conversation (TCP connection, e.g.) with
you.
I.e., there are two ways to be anonymous, as noted earlier:
1) don't give out your name (A. Smith, e.g.)
2) give out a name, but it doesn't necessarily mean anything
(e.g., Mickey Mouse)
Even if you use real names in (2), there's no difference with (1),
since you don't know whether the real Mickey Mouse is using it.
Rather, it allows for a degree of security on
connections between communicators who don't share any secrets or CAs.
I don't think anonymous is the right word for this, and I hope the
IETF comes up with a better one as they go forward.
Hal Finney
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
- End forwarded message -
___
___
