Re: isakmp before smtp?

[Crist Clark <crist.clark () GLOBALSTAR COM>]

Steffen Dettmer wrote:
> * Valdis Kletnieks wrote on Tue, Sep 12, 2000 at 09:49 -0400:
> > On Mon, 11 Sep 2000 18:04:29 CDT, Frank Knobbe <FKnobbe () KNOBBEITS COM>  said:
> > The basic trick here is "Diffie-Hellman key exchange".
>
> > [...] If you're only worried about confidentiality
> > (to prevent evesdropping) you can use Diffie-Hellman to exchange a session
> > key to use for encrypting the session.  If you're worried about authentication
> > too, you STILL want to use DH first, to set up a secure connection for
> > key exchange, [...]
> >
> > Basic summary:  For confidentiality, *no* pre-arranged keying is needed.
> > For authentication, you need either a public/private key pair or a shared
> > secret.
>
> I think encryption without authentication make little sense only,
> since it sould be possible for an attacker to connect as if it
> where authorized and so the attacker would get the data she's
> interessted in, aint? So the attacker could spoof the real target
> of the encryption tunnel, and nothing would detect this
> (man-in-the-middle-attack).
>
> So I would summarize:
> For confidentiality, authentication is needed.
>
> Please correct me if I'm wrong.

You are wrong. By _definition_ confidentiality and authentication are
different things. Confidentiality just means that a third party cannot
overhear what two parties are discussing[0]. Authentication is making
sure that each of the two parties knows who the other is. It is quite
possible to have either one without the other. Sticking to the
original subject, you can run IPsec with AH, with ESP, or with both.
However you'd like[1].

As for how _useful_ one without the other is, well that is another
matter. Using the original subject of the thread as an example, say
that you want to send email and would rather not have it sniffed.
In our example, the mail sender does not trust his LAN (maybe he's
at a university or something), but is not too worried about the
identity of the destination (i.e. domain or IP address hijak is not
likely). For him, just ensuring the connection is confidential would
step up his security significantly. Yes, authentication would be even
better, but it is less important to him and there may be no mechanism
available to do it (you need a trusted communication channel or a
mutually trusted third party for authentication).

[0] Yes, there is no implication that the two parties talking are
actually who the other think believes it is. A man in the middle
can intercept the connection before confidentiality is established,
but the connection between the first party and the man in the middle
will still be confidential.

[1] You can't always get what you want. The risks of running with
confidentiallity and no authentication (via AH anyway) is something
something I've had to think about quite a bit recently. There is a
situation where I want to use IPsec, but one end of the connection
is NAT'ed. One cannot do AH, but ESP works fine.
--
Crist J. Clark                                Network Security Engineer
crist.clark () globalstar com                    Globalstar, L.P.
(408) 933-4387                                FAX: (408) 933-4926

The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.  If
the reader of this e-mail is not the intended recipient, or the employee
or agent responsible to deliver it to the intended recipient, you are
hereby notified that any review, dissemination, distribution or copying
of this communication is strictly prohibited.  If you have received this
e-mail in error, please contact postmaster () globalstar com