An Illustrated Guide to IPSec
(Log in to post comments)
An Illustrated Guide to IPSec
Posted Aug 26, 2005 3:54 UTC (Fri) by njhurst (guest, #6022) [Link]
Somehow, whenever I read 'IPSec' I think "Ipecac". I wonder if there is a connection?
An Illustrated Guide to IPSec
Posted Aug 27, 2005 6:07 UTC (Sat) by jd (subscriber, #26381) [Link]
SUN thought so. In the early days, there was a ferocious war over what should be the new secure Internet protocol. The two competing factions were Sun's SK/IP protocol (which had lower latency and better tolerance for network problems) and ISAKMP/Oakley (which people liked and didn't have IP issues).In the end, the ISAKMP/Oakley crowd won the favour of the IETF, who declared it to be the IPSec standard. Sun kept pushing SK/IP for a while but have now dropped it entirely. Which goes to show how perilous any single-vendor standard is, however big the vendor. A Linux version of SK/IP - EnSKIP - exists but has received no new work for years.
It is interesting to note that ISAKMP/Oakley was favoured by the US military - the DoD released a prototype and the Naval Research Laboratory regularly churned out *BSD patches for some time. A number of Universities also produced prototypes, but the NRL version was by far the best maintained, the most up-to-date and the most complete. I do not know if any current IPSec implementation actually uses any of their code or not, though.
NIST also produced an IPSec implementation - this time for Linux - called Cerberos. They abandoned it, shortly after the restrictions on exporting encryption systems was lifted, although it was so poorly maintained that it was impossible to use for anything other than as a demonstration of the principle anyway.
The idea of IPSec is a good one, current implementations are improving, interoperability is improving and fewer projects are becoming abandonware, but it will not make any serious headway at this point unless sites make use of it. (eg: Websites could offer an alternative address that used IPSec.) SSH and SSL are "good enough" that there's no pressure to use IPSec, and SSL gets all of the newspaper coverage so is the only one general users are even aware of.
Having said that, IPSec is sill very controversial, with plenty of people arguing that it encrypts at the wrong layer. The primary benefits are that you've a single implementation (therefore fewer opportunities for bugs and fewer states to track if heavily used) and that it encrypts everything, so it is impossible for crackers to use non-encrypted session information to help in breaking the keys. However, because it encrypts everything that goes through the tunnel, it adds a lot to the latency. This is helped some with encryption co-processors, such as Motorola's S1, but these are not widely used or supported. Or even known about.
Linux kernel developers, for a long time, opposed ANY support for encryption hardware in the kernel. They argued that encryption was an application activity, so kernel support was the wrong place. Even if that were true, one major point of a kernel is to provide abstraction for hardware and another is to control access to it. The kernel's memory is also a little more secure than userspace, which is really handy if you're planning on maintaining non-trivial security.
This kind of fighting was not limited to Linux, by any means, and is far from dead in any system - although, for microkernels that implement mandatory access controls for virtual memory, it might be considered a moot point as there would be no serious distinction between kernel encryption and userland encryption at that point.
Of course, all of it is largely redundant anyway. IPSec over the Internet is quite impossible, when you have mandatory wiretapping, because it is wiretapping that IPSec is designed to prevent. IPSec, then, is only really legal for internal networks - and that is probably the least useful place for it (except maybe for wireless networks).
An Illustrated Guide to IPSec
Posted Aug 28, 2005 11:52 UTC (Sun) by man_ls (guest, #15091) [Link]
A most interesting message, I should say. Just one request for clarification:IPSec over the Internet is quite impossible, when you have mandatory wiretapping, because it is wiretapping that IPSec is designed to prevent.What is that about "mandatory wiretapping"? Is it a US-only thing? How does it affect IPSec, and why is it different for SSL or SSH?
An Illustrated Guide to IPSec
Posted Aug 30, 2005 2:48 UTC (Tue) by jd (subscriber, #26381) [Link]
In the US, it recently became mandatory to allow Government officials(with the correct paperwork) to wiretap network traffic. This was to unify
the Internet with existing wiretapping laws for the US telecommunications
industry. Not only must it be possible to conduct wiretapping, it must be
possible to conduct it covertly and the ISPs must provide the access to be
able to carry all of this out.
<p>
End-to-end strong encryption would (obviously) make such wiretapping
impossible. The only way to break such encryption would be for someone to
provide the encryption keys, which immediately makes covert surveillance
impossible. It would also be of no use going to the ISPs, as that is not
where the encryption would be taking place.
<p>
SSH (version 2 only) would work with this system. Each server has a key
that is pre-generated. If keys can only come from authorized key vendors,
then the Government could monitor all SSH traffic. Britain tried a system
similar to this, around about 1997 but the reaction was strong enough that
they were forced to back down and merely require that encryption keys had
to be handed over to law enforcement on demand - or face jail time.
<p>
Again, this works with SSH. However, IPSec uses opportunistic encryption.
A certificate can be used to prove the site's authenticity, but the
encryption keys are generated on-the-fly and are not retained anywhere.
This means that keys can not be provided before or after the fact - they
simply don't exist outside of the session for which they were created.
Mandatory covert wiretapping
Posted Sep 2, 2005 8:00 UTC (Fri) by xoddam (subscriber, #2322) [Link]
It's still perfectly possible for the ISP to log all the packetsgoing to/from a particular IP address, and with the handshake
information thus available any serious spook should have no
trouble reconstructing the keys. Not in real-time, but even so.