craving cryptography commentary

Andrew Berg andrew_c_berg at yahoo.com
Wed Aug 24 23:16:55 UTC 2005


On 20-Aug, 2005, at 13:37, Chris Muller wrote:

> Thanks for helping Andrew.

Sorry to be slow getting back to you.  I've been traveling for my job a 
bit more lately.

> I'm no longer intending to do this.  The other Andrew enlightened me
> how a spoofed IP could be used to block the original user.

I wouldn't call the possibility of spoofing like that a show stopper.  
It would just require a good, strong reason to justify the risk.  
Generally with security protocols, adding stuff just because it seems 
like a good idea ends up being a bad idea.

>> Do requests happen on separate socket connections?
>
> Yes.  Is this bad?

From the security point of view, it does not really matter.  From a 
performance point of view, yes it is.  Even HTTP has a keep-alive 
option, which makes a huge difference.  And HTTP does no real 
authentication in its basic version.  Socket setup and tear-down takes 
a surprising amount of time.

>>  Is that why you are
>> interested in doing authentication on each request?  If not, would it
>> not be easier to just authenticate the connection and then allow any
>> requests from that client?
>
> My understanding is that, although difficult, TCP connections can be
> hijacked.  Man-in-the-middle would not be able to attack if
> "authenticating" each transmission was required.

Right.  TCP hijacking is straightforward, just not feasible in most 
situations.

>> In any case, it seems to me that the very next kind of security that
>> you might want to implement would be to add some privacy to the
>> request and the result, which would probably best be implemented with
>> something very SSL/TLS like.  Might it not be better to just implement
>> SSL/TLS first and be done with it?
>
> Yes, I am not intending to reinvent this.  The users will have to
> secure this themselves with an outboard SSL/TLS as you mention.
>
>> This would also have the advantage of being an extensively
>> peer-reviewed protocol, so there'd be far less chance of some
>> "obvious-to-someone-who-hasn't-looked-at-it-yet" kind of mistake.
>
> Agreed.
>
>  - Chris
>




More information about the Squeak-dev mailing list