Re: [LinkSec] Teleconf 12/17 notes
allyn romanow wrote:
>
> Here are notes from the Conference call today - with the usual apologies to
> people whose names I mangled, and whose messages I sorely garbled. Send
> corrections, suggestions to me or the list, whichever seems appropriate -
> thanks, Allyn
>
Thanks, Allyn, for the excellent notes. I had a conflict today that
came up at the last minute. Grumble.
Anyway, I have a comment on the notes:
There was a discussion about "self containedness" and having protocols
depend on lower-layer protocols. From a security perspective, the
only
time you get into trouble is if your higher-layer key-management
protocol
makes some *security critical* assumptions about the layers underneath
it. For example, a key-management scheme that assume that its
transport mechanism provided confidentiality and cryptographic
integrity
wouldn't necessarily have those mechanisms native to it. It most
cases,
it's a terribly assumption for key-management to assume that it rides
on top of a secure transmission layer. In IPsec, the key-management
scheme rides on top of UDP, but provides secure key-management
mechanisms
for the two cryptographic transforms (AH and ESP) that sit lower in
the
stack. The only assumptions that the key-management layer makes is
that
some significant fraction of the time, its transmission channel
(UDP+IP+{whatever}) manages to get packets through.
In our situation, key management could well be done at any of the
layers,
provided that its *security-critical* assumptions are all
self-contained.
--
----------------------------------------------------------------------
Marcus Leech Mail: Dept 8M70, MS 012, FITZ
Advisor Phone: (ESN) 393-9145 +1 613
763 9145
Security Architecture and Planning Fax: (ESN) 393-9435 +1 613
763 9435
Nortel Networks mleech@nortelnetworks.com
-----------------Expressed opinions are my own, not my employer's------