RE: experiments in the ietf week

2008-03-24 10:29:27
These claims are meaningless to me. Transport and network layer security have 
distinct objectives and purposes. They are not replacements or interchangeable 
in any sense.

If you believe that there is an attack that SSL is vulnerable to, you should 
bring it up in TLS. 

In general the higher up you climb in the stack, the better the security you 
can offer. In order to provide application layer security in a correctly 
layered network model you have to apply security at a layer that the 
application talks to, that means either the messaging (S/MIME/PGP/S-HTTP/SHEN) 
or the transport layer (SSL, DNS). SSL provides confidentiality, integrity and 
authentication. If you want useful non-repudiation you need to move up to the 
message layer.

The advantage of going lower in the stack is to gain greater generality. IPSec 
allows every communication to be protected with a basic level of security in a 
manner that is transparent to the applications. As such it allows certain 
aspects of confidentiality and integrity to be supported but cannot inform 
application logic.

Security today is all about layered security. Ideally an email transaction 
would have at least three layers of security:

1) IPSec
2) TLS (between SUBMIT client to server, SMTP server to server, POP3/IMAP server 
   to client)
   Each message should be DKIM signed as a matter of course
   If the recipient advertises an acceptable encryption key and protocol this 
   should be used to encrypt the message
3b) DRM attachments
   If a message has attachments (e.g. Word, HTML Archive, etc) these should be 
   subject to lifecycle-long data level protection.

The most critical layer here is layer 3b which is unfortunately the one we do 
not have today. At the moment 2014 is the earliest I can see there being the 
hope of an unencumbered data level security specification. 

I do not see any value in 'turning off' upper layer security enhancements as an 

From: ietf-bounces(_at_)ietf(_dot_)org on behalf of Iljitsch van Beijnum
Sent: Mon 24/03/2008 10:17 AM
To: Eric Rescorla
Cc: Mark Andrews; Jari Arkko; IETF Discussion; Kurt Erik Lindqvist
Subject: Re: experiments in the ietf week 

On 19 mrt 2008, at 1:46, Eric Rescorla wrote:

A more interesting experiment would be to do away with SSL for a bit
and use IPsec instead.

Why would this be either interesting or desirable?

SSL is vulnerable to more attacks than IPsec and IPsec is more general 
than SSL. As such it would be good if we could have IPsec deployment 
similar to SSL deployment, similar to how it would be good to have 
IPv6 rather than IPv4 deployment, so a similar experiment could be 
useful in showing what if any the reasons are we're still stuck with 
the inferior SSL/TLS technology.
IETF mailing list