
About security requirements and complexity (was Re: New multiaddressing review and new MAST draft)



Dave,

> The key here, is to be clear about the requirements for security. In
> particular, I think we need to be diligent in separating the requirements that
> are strictly due to adding multiaddressing, versus the changes that are more
> generally interesting and useful.

I completely agree. On the other hand, I also think that most people underestimate the security consequences of introducing genuine multi-addressing, with the capability of changing the addresses on the fly. I certainly underestimated it myself before starting to seriously work on the area.

> Let me again stress that I'm not trying to make light of those additional
> goals, but want to make sure that we are clear that they are additional. If
> satisfying those goals imposes significant challenges to the basic design of
> multiaddressing support, then the effort for them should be separated out.

Well, the basic differences in terms of cost seem to come from two sources:

 - public key crypto or just hash functions etc
 - number of messages and round trips

From this point of view, HIP can be certainly criticized for relying
on public key crypto, and therefore being heavier than absolutely
necessary.  On the other hand, it is *possible* to use HIP with
very short key lengths, with the obvious (or perhaps not so :-)
consequences.

Complexity-wise I don't see any big difference.  There are other
factors that basically require you to use either a three-way
or four-way handshake anyway.  For DoS reasons four-way "stateless"
handshakes seem to be better.  As for the complexity of
changes to the stack, there is no big difference.  The real differences,
if any, are in the complexity of the control protocol.  It looks like
you can't make authenticated Diffie-Hellman with DoS protection
much simpler than what HIP does.  Hence, the question really is
whether you want to use PK authentication or not, since if you do not,
then you don't need Diffie-Hellman either.

Clarifications about HIP in a separate message.

--Pekka Nikander
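As an added illustration of the "stateless" four-way handshake the message argues for (example code written for this page, not HIP itself or anything from the thread): the responder keeps no per-peer state and does no Diffie-Hellman until the initiator echoes a valid HMAC cookie, so a flood of first messages costs it one HMAC each. The modulus, generator and peer addresses are constructed toy values, and PK authentication of the exchange is deliberately left out.

```python
import hashlib
import hmac
import secrets

P = (1 << 127) - 1  # constructed toy modulus (a Mersenne prime); NOT a real DH group
G = 3               # constructed toy generator


class Responder:
    """Stateless until message 3 carries back a cookie only we could have minted."""

    def __init__(self):
        self.secret = secrets.token_bytes(32)  # rotated periodically in practice
        self.sessions = {}                     # per-peer state appears only after msg 3
        self.dh_ops = 0                        # counts the expensive operations we did

    def _cookie(self, peer, nonce):
        # Cookie is recomputable from the secret, so nothing needs to be stored.
        return hmac.new(self.secret, peer.encode() + nonce, hashlib.sha256).digest()

    def on_i1(self, peer):
        # msg 1 -> msg 2: one HMAC, no state, no public-key or DH work.
        nonce = secrets.token_bytes(16)
        return nonce, self._cookie(peer, nonce)

    def on_i2(self, peer, nonce, cookie, peer_pub):
        # msg 3 -> msg 4: verify the cookie before allocating state or doing DH.
        if not hmac.compare_digest(cookie, self._cookie(peer, nonce)):
            return None  # forged or missing cookie: drop silently, keep no state
        priv = secrets.randbelow(P - 2) + 1
        self.dh_ops += 1
        self.sessions[peer] = pow(peer_pub, priv, P)
        return pow(G, priv, P)


def initiator_run(resp, peer, saw_msg2=True):
    """Drive all four messages; saw_msg2=False models a sender whose spoofed
    source address never receives message 2 and therefore cannot echo the cookie."""
    nonce, cookie = resp.on_i1(peer)
    if not saw_msg2:
        cookie = bytes(32)
    priv = secrets.randbelow(P - 2) + 1
    resp_pub = resp.on_i2(peer, nonce, cookie, pow(G, priv, P))
    return None if resp_pub is None else pow(resp_pub, priv, P)
```

Only a peer that can receive traffic at the address it claims completes the exchange, which is the reachability check that makes the fourth message worth its round trip.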