IETF Logo Mail Archive

Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ???

Phillip Hallam-Baker <hallam@gmail.com> Mon, 09 December 2013 12:55 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57D831AE2B3 for <perpass@ietfa.amsl.com>; Mon, 9 Dec 2013 04:55:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id keN8igWjURcW for <perpass@ietfa.amsl.com>; Mon, 9 Dec 2013 04:55:01 -0800 (PST)
Received: from mail-we0-x236.google.com (mail-we0-x236.google.com [IPv6:2a00:1450:400c:c03::236]) by ietfa.amsl.com (Postfix) with ESMTP id 390321AE2AF for <perpass@ietf.org>; Mon, 9 Dec 2013 04:55:01 -0800 (PST)
Received: by mail-we0-f182.google.com with SMTP id q59so3413724wes.27 for <perpass@ietf.org>; Mon, 09 Dec 2013 04:54:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=XJDYBdR7McZnxn87q7Xw23QxY+RE5PdBG4mg3SiDUT4=; b=mkVL6OzGvoE0lV3KNTpERvV1iUHETY0aNhNZYUbHPQrP62J4qbtckyZMx+eAnJ+saI rtACErMUMO9YPRoLRB7+kW2T1Do3aKnP/d1p5R4NzJNTo3f6qhqMfNHsr/+tAZ/VnF+t CB9WjRGXzyC7w1+2QzbrQzsVIDmIIpg6Dny9TKx8U17jfUj6/QR/dyPbFxIn7+hbcmdH gFNY3KylvEqMH1SmG0s83sx+gczRIeBSRAnmlJJfICP0CGJT3J++QcCQjXGwdnmpvRap v6gwB1f2Yk8NFzOBCCi6LdXYopEgV7uKDXeS08XgC0MDzl1Ir/XSUxfQR+3VJY63rb2n Gpww==
MIME-Version: 1.0
X-Received: by 10.180.107.168 with SMTP id hd8mr14024910wib.32.1386593695917; Mon, 09 Dec 2013 04:54:55 -0800 (PST)
Received: by 10.194.243.136 with HTTP; Mon, 9 Dec 2013 04:54:55 -0800 (PST)
In-Reply-To: <4613980CFC78314ABFD7F85CC302772121B1EC40@IL-EX10.ad.checkpoint.com>
References: <CAMm+LwijWwanC+KLaSC-Kgq4vP=8in8Juo2Gbd=URh4zVf55nA@mail.gmail.com> <0FE7905C-950F-4030-8A47-37C523FB497A@doubleshotsecurity.com> <95276F1E-2293-41F3-A6E7-7AEF4B22E811@doubleshotsecurity.com> <CAMm+LwjYUZN6b81=V0dm1y_oW9Y+Px5PHsenbXetMkpY=zq6zw@mail.gmail.com> <4613980CFC78314ABFD7F85CC302772121B1EC40@IL-EX10.ad.checkpoint.com>
Date: Mon, 09 Dec 2013 07:54:55 -0500
Message-ID: <CAMm+Lwhq0Sk9dgkwADA9O9neUGC2MTMWpUU9H3zJSz+ye6mdXQ@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Yoav Nir <ynir@checkpoint.com>
Content-Type: multipart/alternative; boundary="e89a8f2356dfb1780604ed198031"
Cc: perpass <perpass@ietf.org>, Merike Kaeo <merike@doubleshotsecurity.com>
Subject: Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ???
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Dec 2013 12:55:03 -0000

On Mon, Dec 9, 2013 at 2:23 AM, Yoav Nir <ynir@checkpoint.com> wrote:

> Phil,
>
> The issue is not that ESP needs a NULL cipher. It's that AH wouldn't
> traverse NAT, and so they needed ESP to do the work that AH was designed to
> do.
>

I understand that, though the fact that ESP with authentication would work
through NAT but not AH seems remarkably odd to me. It suggests that the
design is wrong.

That flags a design error in the protocol AFIAK.

As a remote access protocol, IPSEC has fallen far short of satisfactory. It
has been necessary to install a plug in to use every corporate VPN I have
used to date.



> But beyond that little technicality, it stands out that they standardized
> AH at all. So they felt that there was a need for integrity-only IPsec. I
> guess part of this is that the perceived threats were different - there was
> less personal information on the Internet, and IPsec (unlike TLS) is much
> concerned with protecting non-confidential stuff like DNS, routing
> protocols. Today, about the only good use case I can think of that doesn't
> ever need confidentiality is NTP, and I don't know why we would want to
> design a protocol specifically for securing NTP.
>

And to do authentication only twice seems even stranger.



> Another part is that this was 1996 and in 1996 you had the "Pentium Pro"
> with a 150 MHz clock and a 60 MHz bus, which could probably do a few Mbps
> of 3DES+HMAC-MD5, or four times that with HMAC-MD5 alone. These are not
> today's processors that do 4 Gbps per core with AES-GCM.
>

That is not the motivation that the RFC suggests.



> BTW: this is not unique to IPsec. TLS also defines some NULL encryption
> ciphersuites.
>

I know, but the problem is that people are now pointing to the NULL ciphers
as precedent.



-- 
Website: http://hallambaker.com/

v2.23.0 | Report a Bug | By Email