Re: ipsec on raylink

To: tech-net%netbsd.org@localhost, tech-crypto%netbsd.org@localhost
Subject: Re: ipsec on raylink
From: Michael Richardson <mcr%sandelman.ottawa.on.ca@localhost>
Date: Sat, 26 Feb 2000 21:36:03 -0500

>>>>> "Wolfgang" == Wolfgang Rupprecht <wolfgang%wsrcc.com@localhost> writes:
    Wolfgang> I've been ripping my hair out trying to figure out how to
    Wolfgang> securely use the ipsec stuff in -current to allow a secure
    Wolfgang> connection between my local ether and the raylink machines.
    Wolfgang> I'd really like to nfs mount my home directories over the
    Wolfgang> raylink, but there is no way I'm going to do that without some
    Wolfgang> crypto in there.  (Only the fbi and cia are confident enough to
    Wolfgang> export their nfs disks r/w to the world.)

  Are you using -current? newer than 1.4Q or so?
  (i.e. new or old KAME policy code...)

    Wolfgang> can't figure out a similar setup for the two-network case.  All
    Wolfgang> the ideas I've had end up with either no communication or no
    Wolfgang> encryption.  Does anyone have a working example?

  Yes/no.

    Wolfgang> Are the setkey-loaded ipsec rules longest-prefix match (like
    Wolfgang> CIDR) or first or last match?  I was wondering if one could do
    Wolfgang> a "deny all" and then open it up if certain conditions were
    Wolfgang> met.

  I think so, yes.

    Wolfgang> As an aside, which encryption modes are appropriate for UDP?
    Wolfgang> Can one use xxx-cbc?  I was wondering what happens with a
    Wolfgang> dropped UDP packet.  Does the -cbc at both ends get out of sync

  The CBC mode only applies within the packet. Each packet contains a new
IV, so each packet is independant.

    Wolfgang> and the communication stops?  In practice does one have to use
    Wolfgang> ah with esp to prevent forged packets from being constructed
    Wolfgang> and injected?  Comments to RTFM welcome as long as they include
    Wolfgang> pointers to TFM. ;-)

  Not anymore. ESP includes an AH-like integrity check. In fact, the
VPN-people in the IPsec WG would like to get rid of AH and just use ESP with
null encryption for "authentication" --- that's because they don't see the
point of AH for defending against things like the Yahoo/eBay denial of
service. To do that would require IPsec to be ubiquitous. For VPN vendors
ubiquitous IPsec would put them out of the market. (I don't suggest that the
engineers are malicious in this way, they are just listening to their
marketing, who never get requests for AH in their gateways, since nobody
who'd spend real money for a gateway would want AH anyway)

   :!mcr!:            |  Cow#1: Are you worried about getting Mad Cow Disease?
   Michael Richardson |  Cow#2: No. I'm a duck.
 Home: <A 
HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html";>mcr%sandelman.ottawa.on.ca@localhost</A>.
 PGP key available.

Prev by Date: openssl kernel asm
Next by Date: Re: US crypto laws and NetBSD
Previous by Thread: openssl kernel asm
Next by Thread: Re: lib/9702: Makefile lossage for crypto-intl
Indexes:

Home | Main Index | Thread Index | Old Index