Re: Making IPsec *not* mandatory in Node Requirement

Julien Laganier <julien.IETF@laposte.net> Thu, 28 February 2008 09:04 UTC

From: Julien Laganier <julien.IETF@laposte.net>
To: ipv6@ietf.org
Subject: Re: Making IPsec *not* mandatory in Node Requirement
Date: Thu, 28 Feb 2008 10:04:32 +0100
Message-Id: <200802281004.34603.julien.IETF@laposte.net>
Cc: Thomas Narten <narten@us.ibm.com>

Thomas, all,

On Wednesday 27 February 2008, Thomas Narten wrote:
> Tony,
>
> > For those that have forgotten, the entire reason for mandating
> > IPsec is to get away from the 47 flavors of security that are never
> > really configured correctly or completely understood. Yes for any
> > given situation someone can design an optimized protocol, but as
> > soon as the situation changes the optimization no longer applies,
> > and may expose unexpected holes. This was in fact happening at the
> > time the mandate was put in.
>
> Right.  Having one way to do things is far better than having 47.
>
> But if we look at the reality of things, IPsec (and we have to
> include IKE in evaluating this), IPsec just isn't the ideal
> one-size-fits-all technology we'd like it to be.
>
> For example, one big problem is the lack of a proper API for
> applications to communicate with IPsec to select services and verify
> that a certain level of security is present. 

Would that be the major showstopper in using IPsec for other things than 
VPNs, the IETF has chartered the BTNS WG to work on APIs to communicate 
with IPsec. The WG currently has two documents that need reviews:

http://tools.ietf.org/wg/btns/draft-ietf-btns-abstract-api/
http://tools.ietf.org/wg/btns/draft-ietf-btns-c-api/

> Second, good security says "don't trust anyone but yourself". So, do
> you trust the OS you are running on? 

If someone cares about security but doesn't trust the OS he's running 
on, I think the best thing he can do is to not use the OS in question.

> Do you trust the IPsec embedded in the system that was implemented by
> a third party? 

Keeping IPsec mandatory would be one facilitator of the move from IPsec 
implementations by third parties to native IPsec implementations shipped 
with the OS that has to be trusted.

> Smart applications implement their own security (e.g., TLS) to ease
> deployment. 

How many applications really implement their *own* security? Many 
applications I'm using daily rely on libraries shipped with the OS 
that has to be trusted, e.g. gnutls and openssl.

> We'll never get them to rely on IPsec, at least not until it's much
> more widely available/useable. 

Agree. But I think the availability part can be helped by keeping IPsec 
mandatory (so that it gets in more and more OS's), while the usability 
part can be helped by getting the BTNS WG to deliver its APIs (so that 
applications can finally start using IPsec).

--julien