[dtn-security] Re(2): Encrypted IP headers

Peter Lovell <plovell@mac.com> Wed, 15 July 2009 11:50 UTC

From: Peter Lovell <plovell@mac.com>
To: "Graham Keellings (Leonix Solutions Pte Ltd)" <Graham@LeonixSolutions.com>
Date: Wed, 15 Jul 2009 07:49:03 -0400

On Wed, Jul 15, 2009, Graham Keellings (Leonix Solutions Pte Ltd)
<Graham@LeonixSolutions.com> wrote:

>>  Most systems have some interaction with the outside even
>> though the community may be a closed one.
>>   
>Many military, navy, government, financial systems have a hard 
>requirement that they do not communicate with the internet (or even with 
>anything that does). In my case, I can live with that.

I guess I need to enlarge on the point I was trying to make. 

A fully-isolated system will be easier to secure but this requires full
isolation. That is, no networking contact at all with the outside. Once
you have that, I'm not sure that encrypting the IP headers etc. gives you
a decent return on your effort.

The challenging situations where DTN is attractive will probably have
interactions with the outside world, even though there might not be
"communication" in the sense of exchanging information. If you have a
portable radio, it has to deal with every packet in order to find the
ones of interest. So your community might be closed but, at the lowest
level, you have to listen to everything. And that's where the trouble starts. 

Regards.....Peter