craving cryptography commentary
Andrew Berg
andrew_c_berg at yahoo.com
Wed Aug 24 23:16:55 UTC 2005
On 20-Aug, 2005, at 13:37, Chris Muller wrote:
> Thanks for helping Andrew.
Sorry to be slow getting back to you. I've been traveling for my job a
bit more lately.
> I'm no longer intending to do this. The other Andrew enlightened me how a
> spoofed IP could be used to block the original user.
I wouldn't call the possibility of spoofing like that a show stopper.
It would just require a good, strong reason to justify the risk.
Generally with security protocols, adding stuff just because it seems
like a good idea ends up being a bad idea.
>> Do requests happen on separate socket connections?
>
> Yes. Is this bad?
From the security point of view, it does not really matter. From a
performance point of view, yes it is. Even HTTP has a keep-alive
option, which makes a huge difference. And HTTP does no real
authentication in its basic version. Socket setup and tear-down takes
a surprising amount of time.
>> Is that why you are
>> interested in doing authentication on each request? If not, would it
>> not be easier to just authenticate the connection and then allow any
>> requests from that client?
>
> My understanding is that, although difficult, TCP connections can be
> hijacked.
> Man-in-the-middle would not be able to attack if "authenticating" each
> transmission was required.
Right. TCP hijacking is straightforward, just not feasible in most
situations.
>> In any case, it seems to me that the very next kind of security that
>> you might want to implement would be to add some privacy to the
>> request
>> and the result, which would probably best be implemented with
>> something
>> very SSL/TLS like. Might it not be better to just implement SSL/TLS
>> first and be done with it?
>
> Yes, I am not intending to reinvent this. The users will have to secure this
> themselves with an outboard SSL/TLS as you mention.
>
>> This would also have the advantage of being an extensively
>> peer-reviewed protocol, so there'd be far less chance of some
>> "obvious-to-someone-who-hasn't-looked-at-it-yet" kind of mistake.
>
> Agreed.
>
> - Chris
>
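The "authenticating each transmission" design that Chris and Andrew discuss, shown as an added example (not code from the thread or from Squeak): each request carries a monotonically increasing sequence number and an HMAC over the sequence number and body, computed with a key the two sides share. The MAC means a party that hijacked the TCP connection but has no key cannot inject a request, and the sequence check means it cannot replay one that was seen earlier. The `Client`, `Server` and `demo` names, the shared key and the request framing are all constructed for the example; as the thread notes, this gives authentication and integrity only, and privacy would still need something like SSL/TLS underneath.

```python
# Added example, not from the thread: per-request authentication with a
# shared key plus a sequence number. Names and framing are constructed.
import hashlib
import hmac


def _mac(key: bytes, seq: int, body: str) -> str:
    # The tag covers both the sequence number and the body, so neither can
    # be altered in transit without invalidating the tag.
    msg = f"{seq}\n{body}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Client:
    """Sends requests, each tagged with a fresh sequence number and a MAC."""

    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def make_request(self, body: str) -> dict:
        self.seq += 1
        return {"seq": self.seq, "body": body, "tag": _mac(self.key, self.seq, body)}


class Server:
    """Accepts a request only if its tag verifies and its sequence advances."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0

    def handle(self, request: dict) -> tuple:
        seq, body, tag = request["seq"], request["body"], request["tag"]
        expected = _mac(self.key, seq, body)
        # Constant-time comparison so tag checking does not leak timing.
        if not hmac.compare_digest(expected, tag):
            return ("reject", "bad tag")
        # A repeated or older sequence number is a replay of an earlier
        # request (or reordering), so it is refused even though its tag is valid.
        if seq <= self.last_seq:
            return ("reject", "replay or out of order")
        self.last_seq = seq
        return ("ok", body)


def demo() -> list:
    # Constructed shared key; in practice it would come from key agreement.
    key = b"example-shared-key-for-demo-only"
    client, server = Client(key), Server(key)
    results = []

    first = client.make_request("list files")
    results.append(server.handle(first))                  # ("ok", "list files")

    # A request injected on the hijacked connection by someone without the key.
    forged = {"seq": 2, "body": "delete files", "tag": "0" * 64}
    results.append(server.handle(forged))                 # ("reject", "bad tag")

    # The first, legitimately tagged request played back a second time.
    results.append(server.handle(first))                  # ("reject", "replay or out of order")

    second = client.make_request("read config")
    results.append(server.handle(second))                 # ("ok", "read config")
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Each request is still accepted or rejected on its own merits, independent of whether the underlying socket was reused or freshly opened, which is what makes the scheme indifferent to keep-alive versus one-connection-per-request at the transport layer.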
More information about the Squeak-dev mailing list