On Thu, Jul 13, 2017 at 6:54 PM, Dave Crocker <dhc(_at_)dcrocker(_dot_)net>
wrote:
On 7/12/2017 8:55 PM, Randy Bush wrote:
defense in depth. you do what you can on every link and layer.
The problem with a generic cliche like defense in depth is that there is
not way to judge what's meaningful and useful and what isn't. Obviously
there is defense in depth if I run two anti-virus applications rather than
only one? Oh... there isn't?
And the idea that it's best to do what you can at every layer presumably
means that we need to put checksums back into IPv6?
On the other hand, the basic question of whether one is /positive/ that
all activity is protected by TLS is worth considering (though such coverage
was the premise to my original query.)
Defense in depth is ambiguous, I agree. But it is not bogus. End to end is
also ambiguous as ideas on where the ends are differ.
For the Mesh protocols, I use a Triple Lock approach. which I have not
finished writing up on. The idea is that we apply crypto at three different
layers to achieve different effects.
1) Transport Layer: Confidentiality gives us protection against traffic
analysis.
2) Session Layer: HTTP Web Service packets are authenticated with keys
negotiated at the application layer. This provides for transaction
isolation (no injection attacks) and authentication.
3) Data Level Signature: For non repudiation.
Although encryption is only mandated for every interaction at the first
layer, it is usually applied at 2 and often required at 3 as well.