...
Capability-wise, there is nothing except cryptographic data integrity that
prevents an eavesdropper from injecting their own traffic. On HTTP, this
enables redirecting the browser to an arbitrary site (for exploitation),
extracting any not-SSL-only cookies, injecting arbitrary code at the end of a
web page, etc. Absent DNSSEC validation on the part of the victim, DNS
injection allows the attacker to MITM any connection.
The ability to effect active and passive attacks is not uniform, and often not equivalent, at least not on a per-link basis. An attacker may be able to listen to a satellite downlink or a fiber cable, but not be able to inject packets into these links. So it is not quite accurate to assert that any adversary who can passively monitor (a link) can also engage in active attacks (on that link). The general form of active attacks that we usually assume in IETF security assessments are MITM, which may be very hard to effect, depending on the context.
Similarly, at layer 2, absent significant protection in the switch, properly configured,
both DHCP and ARP injection allow similar total hijacking. There are no capability
limitations of note for a "passive" eavesdropper who wants to become active.
What constitutes "significant protection?"
Thus it really is "will" as convenient shorthand: is the attacker willing to
use this and chance getting caught if a subtle detector is actually looking for the signs
of attack?
I think it is more than just a concern re being detected.
We need universal protection against active adversaries, because the precedents
have been set and the distinction between passive and active really is the
willingness of the adversary to include active techniques. We need end-to-end
data integrity on all communication and if you have end-to-end integrity,
anything point-to-point rather than broadcast should also include
confidentiality since you can just about get it for free by this point.
I agree that adding confidentiality is almost free once you have
accepted the costs of integrity.
There may be hidden costs, though, of the sort I mentioned earlier, e.g., reduced ability to effect traffic engineering, load balancing, and debugging.
When you mention integrity do you mean integrity w/o authentication? To me that's reminiscent of the Rocky and Bullwinkle ad cut-away about fan mail from a flounder. If a bottle containing a note were securely sealed, then one might assume that it was afforded integrity. But without authentication, we don't know which flounder sent the note, which seems unsatisfying. Integrity w/o authentication is MUCH easier than authenticated integrity, but I worry that folks will misinterpret the security they're getting, with unfortunate results.
--
Nicholas Weaver it is a tale, told by an idiot,
[email protected] full of sound and fury,
510-666-2903 .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
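A worked illustration of the "fan mail from a flounder" point, added here and not part of the thread: an unkeyed hash gives an integrity tag that any third party can recompute over a substituted note, whereas an HMAC under a key shared by the two ends does not. The note, the key, and the function names are constructed for this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample message (not from the thread): the note in the bottle.
NOTE = b"fan mail from a flounder"


def seal_unauthenticated(msg: bytes) -> bytes:
    """Integrity w/o authentication: an unkeyed SHA-256 over the note.
    Anyone who can write the note can also compute this tag."""
    return hashlib.sha256(msg).digest()


def check_unauthenticated(msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hashlib.sha256(msg).digest(), tag)


def seal_authenticated(key: bytes, msg: bytes) -> bytes:
    """Authenticated integrity: HMAC-SHA256 under a key both ends share."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def check_authenticated(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(
        hmac.new(key, msg, hashlib.sha256).digest(), tag
    )


def forged_note_accepted(key: Optional[bytes], msg: bytes) -> bool:
    """Model a third party (some other flounder) substituting its own note.

    key is None  -> the channel uses the unkeyed hash; the forger simply
                    recomputes the tag, so the receiver cannot tell who wrote it.
    key given    -> the channel uses HMAC; the forger lacks the shared key and
                    can only tag the note under a key of its own.
    Returns whether the receiver accepts the substituted note."""
    if key is None:
        return check_unauthenticated(msg, seal_unauthenticated(msg))
    forger_key = secrets.token_bytes(32)  # not the shared key
    return check_authenticated(key, msg, seal_authenticated(forger_key, msg))
```

Both checks use a constant-time comparison; the difference that matters here is only whether a key the third party lacks goes into the tag.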
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass