Re: HIP and PKI reqs [RE: Identifier/locator recap]
On Mon, 17 Mar 2003, Pekka Nikander wrote:
> Pekka Savola wrote:
> > On Mon, 17 Mar 2003, Iljitsch van Beijnum wrote:
> >>>I suggest not being dependent on crypto anything is wise it implies PKI
> >>>to the solution and I fear that is a non-starter?
> >>No, HIP is smarter than that. [...
> > Uhh, no. HIP requires either DNSsec or opportunistic key distribution a
> > la SSH.
> Opportunistic key distribution a la SSH works pretty well.
> Going further, HIP *without* DNSsec/PKI is slightly *more*
> secure than today's insecured TCP/UDP, even if HIP is used
> to implement mobility and/or multihoming. See our security
> analysis in our recent NDSS'03 paper.
> However, if you want to use HIP to secure something that
> goes beyond mobility or multi-homing, or want to achieve
> a security level that is more than slightly more secure
> than the current unsecured IPv4, you have to rely on
> DNSsec, or accept the vulnerabilities in opportunistic mode.
> Summary: HIP without DNSsec or PKI can provide security
> for mobility and/or multi-homing that is acceptable according
> to the current security requirements.
Not having read the paper, I think we agree -- what's basically left is
on-the-path attackers, local attackers or DNS-based forgery. All of those
are also problems in the unsecured IPv4. DNS-based forgery may be a bit
easier though, but that might need more analysis.
However, my complaint with the HIP model is that it seems so closely tied to
ESP and security. Is it possible to use HIP without IPsec ESP? Or do you
have to use ESP with null encryption?
The security model above is possibly ok if the user gets no assumption
that "because I use HIP, I must be secure now".
Pekka Savola
Netcore Oy
Systems. Networks. Security.
"You each name yourselves king, yet the kingdom bleeds."
-- George R.R. Martin: A Clash of Kings