Gutmann Soundwave Therapy
James A. Donald
jamesd at echeque.com
Sun Feb 3 23:29:50 EST 2008
James A. Donald wrote:
>> I have figured out a solution, which I may post here
>> if you are interested.
Ian G wrote:
> I'm interested. FTR, zooko and I worked on part of
> the problem, documented briefly here:
> http://www.webfunds.org/guide/sdp/index.html
I have posted "How to do VPNs right" at
http://jim.com/security/how_to_do_VPNs.html
It covers somewhat different ground to that which your
page covers, focusing primarily on the problem of
establishing the connection.
"humans are not going to carry around large
strong secrets every time either end of the
connection restarts. In fact they are not going
to transport large strong secrets any time ever,
which is the flaw in SSL and its successors such
as IPSec and DTLS
"What humans are going to do, and what the user
interface must support, and the cryptography
somehow make secure, is set up a username and a
rather short password, and enter that password
on request - rather too easily enter it on
request without necessarily checking who they
are giving it to. Our security has to work with
humans as they are, and make what humans are
naturally inclined to do secure, rather than try
to change what humans are naturally inclined to
do."
It covers the cryptography of packets only to the depth
needed to establish the required properties of sessions:
"each packet within a session must have its own
unique IV (nonce), and each session must have
its own symmetric encryption secret and
authentication secret. We have to have a new
session every client restart, every server
restart, and every 2^64 bytes. At the beginning
of each new session, new strong secrets, large
truly random numbers, have to be negotiated for
symmetric encryption and authentication."
My page completely ignores the routing issue, another
hard problem which existing VPNs frequently do wrongly,
or not at all. It presupposes the existence of good
random number sources.
It does not address the question of denial of service
attacks against the session establishment protocol,
though I have written that up elsewhere, and will
publish that shortly.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list