Firewall Wizards mailing list archives

Re: Rant (Was Re: Our friend FTP, again)


From: David LeBlanc <dleblanc () mindspring com>
Date: Mon, 19 Apr 1999 07:45:49 -0700

At 10:02 AM 4/19/99 -0400, Ge' Weijers wrote:
> On Sun, Apr 18, 1999 at 08:37:41AM -0700, David LeBlanc wrote:
> > Possibly.  I also think that IPSec will solve a lot of problems once it is
> > widespread.
>
> IPSEC is an afterthought, and a substitute for good protocol
> design. And it requires a lot of infrastructure to be effective
> (secure DNS or PKI). One of the problems I have with it is that you
> lose anonymity. If you just want to download a publicly available file
> you should not have to prove your identity. You _do_ want to make sure
> that the file comes from the server you requested it from in the first
> place.

Then according to what Robert Graham wrote (which I agree with), IPSec
should have great success.  It may not be elegant, but it is a good
incremental improvement.  We'll need secure DNS and PKI to do too many
other things, so I don't see that as a huge stumbling block.  Also, why
should we depend on every app to institute properly done privacy and
integrity?  Why shouldn't this be done at a lower level? I think IPSec does
it in the right place, and has the advantage of suddenly making so many
older (but widely used) protocols reasonably secure.  If all you want is a
publicly available file, then you aren't worried about security, and can
just use IPinSec <g>, just like you do now.

I also think we're going to lose much of the anonymity we currently have as
we move forward.  As with most things, this will be both good and bad.
I'll leave that argument to another thread.

> Initially we'll probably be running IPSEC between security gateways,
> not from endpoint to endpoint. I wonder how much we'll be gaining this
> way, because these gateways will have to be as clever as current
> firewalls about which connections to let through.

That's a great initial start - I suspect it will probably take 2-3 years to
get into very widespread use.


David LeBlanc
dleblanc () mindspring com


