Re: IPSP and Netscape
In article <199412130302.TAA00871@largo.remailer.net>, you write:
I've tried really hard to stay out of this, but this one is just too much.
The question is about IPSP, the swIPe-like IP level security protocol.
From: "Kipp E.B. Hickman" <kipp@warp.mcom.com>
Name one router that speaks the secure protocols you are documenting? Name one PPP based bridge that does? Show me, today, what percentage of the Internet is covered by these standards?
[ ... later ... ]
My company's network hardware is typical. It is filled with expensive devices that don't understand IPSP or IPNG. In fact, most of the world is constructed this way.
The protocol does IP-within-IP encapsulation, which means that every single router deployed is able to carry the secured traffic.
Now, this is not so egregious an error by itself (it is, but I'm being polite), but coupled with the claims that SSL is better than anything else out there, I see an argument from chauvinism rather than one from knowledge.
Since IPSP works at the IP level rather than at the TCP level there are protocol stacks that have to change. This is not immediate. It may be that IPSP is not the quickest or best way to link security, but that is not the point I am making here. The original denial of IPSP's potential utility was made in complete ignorance, ignorance so great as to lack even the most basic understanding of the subject at hand.
I cannot trust abbreviated arguments from such a source. I can, however, examine ones which are complete and well thought out and demonstrate some understanding of tradeoffs.
I'm sorry you are so upset. :-( IPSP was not in my vocabulary at the time of the first posting. Ignorance was briefly bliss :^)
However, regardless of whether or not extant hardware is reusable, there is still the not so small matter of software. Software for PCs, Macs and a host of UNIX machines before a workable secure network can be constructed. It is a good thing that IPSP requires only software to meet its goals. This same property is true of SSL.
Finally, I never said that "SSL is better than anything out there". I don't know who did. All I said is that "SSL is something", which isn't really saying much. SSL is A solution to A set of problems, namely privacy and authentication.
---------------------------------------------------------------------
Kipp E.B. Hickman
Netscape Communications Corp.
kipp@mcom.com
http://www.mcom.com/people/kipp/index.html
Kipp E.B. Hickman says:
I'm sorry you are so upset. :-(
IPSP was not in my vocabulary at the time of the first posting. Ignorance was briefly bliss :^)
My complaint about Netscape is that you guys haven't been reading about what others have done. I understand your desire to get things done quickly, but you are making assumptions about what's out there and what works that aren't warranted.
However, regardless of whether or not extant hardware is reusable, there is still the not so small matter of software. Software for PCs, Macs and a host of UNIX machines before a workable secure network can be constructed.
Certainly. SSL would also require software for all those platforms -- it's no different in this regard.
Finally, I never said that "SSL is better than anything out there". I don't know who did. All I said is that "SSL is something", which isn't really saying much. SSL is A solution to A set of problems, namely privacy and authentication.
Privacy and authentication are also provided by IPSP. However, IPSP provides all sorts of advantages -- immunity from traffic analysis, no requirement to change the way an application operates to start using it, protection of the entire IP stack (not just TCP sockets), very minimal changes required to applications that want to use the information provided by the IPSP layer for authentication (and no need to change your read or write calls or anything), etc, etc, etc.
Perry
On Dec 13, 1:49pm, Perry E. Metzger wrote:
Subject: Re: IPSP and Netscape
Kipp E.B. Hickman says:
I'm sorry you are so upset. :-(
IPSP was not in my vocabulary at the time of the first posting. Ignorance was briefly bliss :^)
My complaint about Netscape is that you guys haven't been reading about what others have done. I understand your desire to get things done quickly, but you are making assumptions about what's out there and what works that aren't warranted.
I think you may have jumped to a conclusion here that is unwarranted. We are a small company with limited experience and capacity. We did what we thought was appropriate, however it may seem now.
However, regardless of whether or not extant hardware is reusable, there is still the not so small matter of software. Software for PCs, Macs and a host of UNIX machines before a workable secure network can be constructed.
Certainly. SSL would also require software for all those platforms -- it's no different in this regard.
True. However, we have found a way to get it to the masses quickly. System software is inherently more difficult to distribute, and consequently takes more time. When I was doing operating system work at SGI, it was often a year before the customer base would see the fruits of my labor. However, with Netscape, things are faster and it is easier to get people to load an "application" than it is to load a new winsock/kernel. The delivery vehicle is very important to the marketplace. In my mind, SSL and IPSP are two solutions with very similar properties. However, SSL can be implemented at the application layer. I'm not certain if IPSP can, and I'm also not certain that if it could, people would be as happy with it. A (probably naive) question: If IPSP is essentially "tunnelling", don't sysadmins and the like get concerned that now their fancy routers etc. can no longer shield certain classes of unwanted traffic?
Finally, I never said that "SSL is better than anything out there". I don't know who did. All I said is that "SSL is something", which isn't really saying much. SSL is A solution to A set of problems, namely privacy and authentication.
Privacy and authentication are also provided by IPSP. However, IPSP provides all sorts of advantages -- immunity from traffic analysis, no requirement to change the way an application operates to start using it, protection of the entire IP stack (not just TCP sockets), very minimal changes required to applications that want to use the information provided by the IPSP layer for authentication (and no need to change your read or write calls or anything), etc, etc, etc.
These are all good properties. As with any technology, it takes time to deploy. When these capabilities are the norm instead of the rarity, SSL will no longer be needed, except as a compatibility crutch.
-- 
---------------------------------------------------------------------
Kipp E.B. Hickman
Netscape Communications Corp.
kipp@mcom.com
http://www.mcom.com/people/kipp/index.html
"Kipp E.B. Hickman" says:
A (probably naive) question: If IPSP is essentially "tunnelling", don't sysadmins and the like get concerned that now their fancy routers etc. can no longer shield certain classes of unwanted traffic?
You are right that an encrypted IPSP packet can't be "peeked into" and thus can't be selectively blocked by a filtering router. There is, however, a notion in the IPv6 version (will be in the v4 version if I have anything to do with it) of a "transparent authentication header" which allows you to achieve authentication without privacy for those situations that require the ability to filter packets at a firewall. Overall, however, IPSP reduces (but does NOT by any means eliminate) the need for firewalls, because IPSP packets can be fully private and authenticated and thus can't be hijacked.
Perry
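An added illustration of two points made in this thread (Eric's, that IP-within-IP encapsulation lets every ordinary router carry the secured traffic, and Perry's, that a filtering router can apply policy to authentication-only traffic but not to encrypted traffic). This is constructed example code, not anything posted in the thread or taken from an IPSP implementation: the header layouts, the HMAC-SHA256 tag, the per-packet nonce and the SHA-256 counter-mode stand-in cipher are all assumptions, not IPSP's wire format.

```python
import hashlib
import hmac
import os
import struct
# Constructed sample key shared by the two tunnel endpoints (not a real key).
KEY = b"constructed-sample-key"
AUTH_ONLY, ENCRYPTED = 1, 2
OUTER_FMT = "!4s4sB"      # outer header: tunnel src, tunnel dst, protection mode
INNER_FMT = "!4s4sBH"     # inner header: src, dst, protocol, destination port

def ip4(addr):
    return bytes(int(o) for o in addr.split("."))

def keystream(nonce, length):
    """Toy SHA-256 counter-mode keystream; a stand-in, not IPSP's cipher."""
    blocks = (hashlib.sha256(KEY + nonce + struct.pack("!I", i)).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encapsulate(tun_src, tun_dst, src, dst, proto, dport, payload, mode):
    """Wrap an inner packet in an outer header so any ordinary router can carry it."""
    inner = struct.pack(INNER_FMT, ip4(src), ip4(dst), proto, dport) + payload
    outer = struct.pack(OUTER_FMT, ip4(tun_src), ip4(tun_dst), mode)
    if mode == ENCRYPTED:           # inner header and payload become opaque
        nonce = os.urandom(8)
        inner = nonce + bytes(a ^ b for a, b in zip(inner, keystream(nonce, len(inner))))
    tag = hmac.new(KEY, outer + inner, hashlib.sha256).digest()   # covers both headers
    return outer + inner + tag

def router_filter(packet, blocked_dport):
    """Decision a keyless filtering router can make from what it can see."""
    olen = struct.calcsize(OUTER_FMT)
    _, _, mode = struct.unpack(OUTER_FMT, packet[:olen])
    if mode == ENCRYPTED:
        return "cannot-inspect"     # inner header is ciphertext: no port policy possible
    _, _, _, dport = struct.unpack(INNER_FMT, packet[olen:olen + struct.calcsize(INNER_FMT)])
    return "drop" if dport == blocked_dport else "pass"

def receive(packet):
    """Tunnel endpoint: reject anything with a bad tag, then recover the inner packet."""
    olen = struct.calcsize(OUTER_FMT)
    body, tag = packet[olen:-32], packet[-32:]
    if not hmac.compare_digest(hmac.new(KEY, packet[:-32], hashlib.sha256).digest(), tag):
        return None                 # forged or tampered packet, e.g. a hijack attempt
    _, _, mode = struct.unpack(OUTER_FMT, packet[:olen])
    if mode == ENCRYPTED:
        nonce, ct = body[:8], body[8:]
        body = bytes(a ^ b for a, b in zip(ct, keystream(nonce, len(ct))))
    return body
```

Only the endpoint holding the key can verify or decrypt; the router sees the outer header in both modes and the inner header only in authentication-only mode.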
From: kipp@warp.mcom.com (Kipp E.B. Hickman)
IPSP was not in my vocabulary at the time of the first posting. Ignorance was briefly bliss :^)
This indeed was exactly the problem. Might I suggest that some amount of acknowledgement of the outside world and a survey of existing work would solve most of Netscape's PR problems on this list?
Eric
Kipp wrote:
| IPSP was not in my vocabulary at the time of the first posting. Ignorance
| was briefly bliss :^)
My, this is a _tasty_ burger.
| However, regardless of whether or not extant hardware is reusable,
| there is still the not so small matter of software. Software for PCs,
| Macs and a host of UNIX machines before a workable secure network can
| be constructed. It is a good thing that IPSP requires only software to
| meet its goals. This same property is true of SSL.
|
| Finally, I never said that "SSL is better than anything out there". I
| don't know who did. All I said is that "SSL is something", which isn't
| really saying much. SSL is A solution to A set of problems, namely
| privacy and authentication.
I'm not sure I understand. Could you explain what you mean by privacy, and how it is maintained by SSL? (My question, obviously, is informed by Hal's recent comments on privacy.)
Adam
-- 
"It is seldom that liberty of any kind is lost all at once." -Hume
On Dec 13, 2:00pm, Adam Shostack wrote:
Subject: Re: IPSP and Netscape
Kipp wrote:
| IPSP was not in my vocabulary at the time of the first posting. Ignorance
| was briefly bliss :^)
My, this is a _tasty_ burger.
| However, regardless of whether or not extant hardware is reusable,
| there is still the not so small matter of software. Software for PCs,
| Macs and a host of UNIX machines before a workable secure network can
| be constructed. It is a good thing that IPSP requires only software to
| meet its goals. This same property is true of SSL.
|
| Finally, I never said that "SSL is better than anything out there". I
| don't know who did. All I said is that "SSL is something", which isn't
| really saying much. SSL is A solution to A set of problems, namely
| privacy and authentication.
I'm not sure I understand. Could you explain what you mean by privacy, and how it is maintained by SSL? (My question, obviously, is informed by Hal's recent comments on privacy.)
SSL provides "channel" privacy. The two endpoints which are communicating can be ensured of three basic properties:
1. You are certain who you are talking to (server authentication)
2. Your conversation with the server is private (privacy using encryption)
3. Your conversation cannot be interfered with (data integrity)
That is all SSL does. MIME multipart encoding used on documents can provide deeper encryption, tamper-proof document storage, etc. There are up and coming standards for these actions.
-- 
---------------------------------------------------------------------
Kipp E.B. Hickman
Netscape Communications Corp.
kipp@mcom.com
http://www.mcom.com/people/kipp/index.html