ietf-822

Re: RFC1847 - encrypted as multipart

1995-10-28 10:01:15
      Many thanks for the (as always) thorough explanation.  I had forgotten
about the desire for extra flexibility.

At 11:32 AM 10/27/95, Ned Freed wrote:
But now consider what happens with multipart/encrypted where the various
underlying services all support a common interchange service. Now all you have

      Just to make sure that I've got the idea and -- more importantly -- a
terse way to describe it, let's see if the following is an acceptable
summary, albeit one that loses much:

Your summary seems fine to me. However, I've learned the hard way that
terminology I think is acceptable may not be acceptable in the security
community. I therefore suggest that you have someone from that side of things
look over your description as well -- I suspect that at least some security
folks are on this list, but I'm by no means sure.

the blob effect to hide what's key and what's data is nothing but security by
obscurity. And as for hiding the use of encryption, the requirement that we

      I concur.  (Though one must be amused to see all the IP address
translation (NAT) hype being justified in terms of improving corporate
security...)

Similar considerations apply to firewalls that attempt to strip internal node
names from messages so as not to reveal internal network naming conventions or 
topology. This always amuses me greatly, yet we're constantly inundated with
requests for this mostly worthless functionality.

We recently ran into an extreme case of this: A firewall that actually scanned
the *content* of messages looking for any references to the corporate domain.
(I believe it even undid encodings in its search...) Any references it found
were promptly stripped of any node-specific information, i.e. node.dumb.com -->
dumb.com. But the problem we were trying to solve had to do with the routing
configuration of one of the internal nodes. So we were trying to exchange
things like configuration files that were loaded with references to internal
nodes, which of course were turned into garbage by the firewall.

In fact this problem was so pervasive that this company had actually put in
place an informal way to work around the problem -- people would write node dot
dumb dot com instead of node.dumb.com. The firewall didn't know about this
variant, and of course a simple editor macro on either end would take care of
the translation. And of course the use of such conventions completely blows
away the supposed effectiveness of the firewall.

True story. Really. It happened only a couple of weeks ago.

      My curiosity was for simplicity of mechanism and not about added
security. The multipart/encrypted mechanism is a tad more mechanism than a
single blob.  Not offensively more, just enough to make folks curious.

Agreed.

                                Ned