[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: ULE SEC REQ draft rev -03



Hi Prashant,

Regarding this paragraph from your modifications. It was only removed because we
were not very comfortable with the wordings. See Inline

I did not put much effort into the wordings because I had expected to get some feedback on that prior to publication. Sorry, I should have told so. :/

However, the end-points of a communication might not be under central
control (such as when browsing the public internet), and then it may not
be possible to rely on end-to-end security.

End-to-end security has nothing to do with central control. Only the two
comunicating end parties are resposible for seting up any end-to-end security.
So this sentance is quite misleading as we should be able to use end-to-end
security withought any central control.

Ok, what I mean is that if the destination end-point is not under the same control as the source, i.e. does not have the same owner (as a person/company), then you are restricted to whatever security the destination offers you. If it does not offer any security, there is no way to enforce it. E.g., this is true for most of the web servers in the www.

To repeat, in such case having security for the vulnerable (in terms of passive attacks) ULE broadcast link is very desirable.

ULE link security will then
provide protection against attacks on the weakest link within the
communication chain, i.e. the ULE broadcast link (see section 3.2).

I am not sure if the ULE link would be the weakest link. Especially when data is
sent over the interent (the case of wesbites like you mention) I would consider
the fixed links to be vulnerable also.

Sure, the other links are vulnerable, too, if you don't have end-to-end security. But compared to the ULE broadcast link wired links are much more secure. On the ULE broadcast link, all it takes an attacker is to switch his receiver into some kind of promiscious mode to derive passive attacks. To succeed in any kind of attack on a wired link of the Internet requires much more sophistication. That is why I said that the ULE link was the weakest link in the communication chain. (Yes, I do not like the wording myself, it was just to get the point.)

I think it is a case important enough to be outlined, i.e. a case where
an "ordinary" end-user (compared to a company) has no possibility to
enforce end-to-end security, yet he does not want "the whole world" to
potentially see the data he receives (e.g. the web sites he visits).
It demonstrates another reason for why ULE link layer security is
desirable, IMO.

As discussed above, I also do not really see the point of only securing the ULE
link when the interet link is unsecured. Securing only part of the link IMO
will make the other link the weakest link.

As explained above, it will make it quite harder to derive successful attacks. You'd have to tap specific wired links the data travels over, or get access to the routers in between.

Best regards,
Michael