Noel's summary of the technical flaws in the claims
about GSE security is entirely consistent with reality.
Both Steve Bellovin and I were on the IAB a few years
back when the issue of the "GSE Analysis" draft came up.
Steve was quite clear that the claims that existing
"IP Address-based authentication" (sic) were meaningful
were widely rejected within the security community.
Among the points he made were that IP address forgery
is (1) widespread in the deployed Internet,
(2) practical for an attacker to undertake,
and (3) well known historically.
[CERT CA-1995-01, CERT CA-1995-18]
The only viable fix for these well-understood failures
of "address-based authentication" (sic), as tli already
pointed out, is to deploy IPsec transport-mode for the
packets being protected.
(Tunnel-mode IPsec doesn't bind the IP address(es) of
the tunnelled IP packet to the IPsec Security Association,
unlike transport-mode IPsec, so with tunnel-mode there
is no cryptographic authentication of the addresses.)
IPsec for ILNP is actually an improvement over IPsec for IP,
because it only binds cryptographically to the Identifier
value. This means that locator-rewriting has no impact
on the IPsec processing and also no impact on the provided
security properties.
(Of course, only the authorised parties know the IPsec
Security Association attributes, such as the crypto key,
so an attempted forger would not be able to create a packet
with IPsec that passed cryptographic authentication
while claiming to be from some intended-victim's identifier.)
Yours,
Ran
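
A simplified model of the binding described in the message above, added here as an illustration; it is not part of the original message and is not IPsec code. An HMAC stands in for the IPsec integrity check, and the 64-bit locator/identifier split, the field names and the keys are assumptions of the model.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_loc: bytes   # locator: topological, may be rewritten in transit
    src_id: bytes    # identifier: names the node, stable end to end
    dst_loc: bytes
    dst_id: bytes
    payload: bytes
    icv: bytes = b""  # integrity check value carried with the packet

def compute_icv(key: bytes, pkt: Packet, bind_locators: bool) -> bytes:
    """HMAC over the bound fields. bind_locators=True models binding to the
    whole address; False models binding to the Identifier only."""
    fields = [pkt.src_id, pkt.dst_id, pkt.payload]
    if bind_locators:
        fields += [pkt.src_loc, pkt.dst_loc]
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(2, "big") + field)  # length-prefix each field
    return mac.digest()

def protect(key, pkt, bind_locators):
    return replace(pkt, icv=compute_icv(key, pkt, bind_locators))

def verify(key, pkt, bind_locators):
    return hmac.compare_digest(pkt.icv, compute_icv(key, pkt, bind_locators))

def demo():
    # All values below are constructed for this example.
    sa_key = b"constructed-sa-key-shared-by-both-ends"
    base = Packet(bytes.fromhex("20010db800000001"), bytes.fromhex("00000000000000aa"),
                  bytes.fromhex("20010db800000002"), bytes.fromhex("00000000000000bb"),
                  b"application data")
    results = {}
    for name, bind in (("whole_address", True), ("identifier_only", False)):
        sent = protect(sa_key, base, bind)
        # A border router rewrites the source locator in transit.
        rewritten = replace(sent, src_loc=bytes.fromhex("20010db8000000ff"))
        # A sender without the SA key claims the same source identifier.
        forged = protect(b"not-the-sa-key", replace(base, payload=b"forged"), bind)
        results[name] = (verify(sa_key, sent, bind),
                         verify(sa_key, rewritten, bind),
                         verify(sa_key, forged, bind))
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, dict(zip(("untouched", "locator_rewritten", "forged"), outcome)))
```

In both models the packet built without the SA key fails verification; only the identifier-only model still verifies after the locator is rewritten.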