9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed
From: presotto@plan9.bell-labs.com
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Plan 9 versus CORBA?
Date: Tue, 25 Sep 2001 09:42:03 -0400	[thread overview]
Message-ID: <20010925134207.32235199E9@mail.cse.psu.edu> (raw)

802.11's WEP was partially Lucent's fault, partially a bunch of other companies
that were also on the committee.  WEP stands for wired equivalent privacy.
The intention was to guard against casual snooping.  It was known at its
inception that it was not a wonderful solution.  Unfortunately, it
was sold as much more than that.  And even that fails after the Shamir
and Stubblefield work.  IEEE has a committee trying to address the situation
with better encryption.  After leaving Lucent, I'm no longer in the loop.
The early proposals were flawed and shot down, which means that this
time they're getting better review.

Putting encryption in the network is like firewalls.  You reject stuff
before routing it around.  It also provides some minimal protection
for all the uncontrolled/unprotected systems on the network.  However,
its not a substitute for end-to-end encryption.  It's also painfully
hard to change when flaws are found.  If they upgraded the current
standard to include key distribution (there's already a Lucent product
that does that over WaveLAN) then I'ld be happy to continue using it.
However, I'ld also continue doing my own encryption.  I don't trust
the systems authorized to use our network any more than I trust the
ones that aren't authorized.

The upcoming Plan 9 version, tries to solve some data privacy/integrity
problems by

(1) taking all authentication out of the kernel and the applications
   and centralizing it in an authentication server on every cpu.  The
   intent is to be able to switch algorithms with ease and to allow
   the simultaneous use of multiple algs and protocols.  Also, you can
   export the server to machines you CPU to so that you don't have to
   depend on the current 'speaks for' relation if you don't want to.
(2) encrypt all connections.  At the moment the encryption keys are
   part of the authentication process.  However, we'll probably move
   to just using TLS to encrypt all connections before authentication
   occurs.
(3) secure servers using PAK or SRP to store a user's secrets.  The
   server can be centralized or it could be personalized like a bitsy
   that you keep in your pocket.  It's the user's choice where to
   keep the info; you could type it in every time if you want.

We've got most of it working.  All of our CPU connections have been enrypted
for a while.  Soon the file server ones will also.  We've got to see what
that does to throughput.  We've already noticed that it really slows
down modems that currently get some of their speed by compressing.  That
means we'll probably have to compress also.  Luckily processors keep
getting faster.  All the extra cycles that Windows requires to have drop
alpha blended menus can serve our encryption needs.

Rob and jmk are just now converting our machines to run the new system.
There's a lot of change between 9P2000 and the new security infrastructure
so it'll be a while before we release it.

We (ynl & ehg) have also added IPv6 to the stack.  That hasn't been
merged in yet but we'll do it before the release.

We're currently considering what to do about IPsec.  I really don't like
it as a solution, partially for the same reason I don't like WEP:
its done too low.  However, we'll probably have to do it to
be compatible.  Security associations just bother me because they
represent such a violation of layering.  The advantage is the same
as that of WEP, programs don't have to take part in the security, it
can be done around them.  Also, headers are also encrypted and mac'd
so that a number of attacks, like the SYN one, become much harder.

Anyways, that's the current plan.  Rsc is doing a lot of it from
MIT, I'm doing some from Avaya, and the usual suspects are working
on it from Lucent.

Sorry for the long message.


             reply	other threads:[~2001-09-25 13:42 UTC|newest]

Thread overview: 55+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-09-25 13:42 presotto [this message]
  -- strict thread matches above, loose matches on Subject: below --
2001-09-26 13:24 jmk
2001-09-26 13:33 ` Boyd Roberts
2001-09-26  6:12 okamoto
2001-09-26  6:07 okamoto
2001-09-26  9:48 ` Boyd Roberts
2001-09-26  5:41 geoff
2001-09-26  9:47 ` Boyd Roberts
2001-09-26  3:18 okamoto
2001-09-26  3:13 okamoto
2001-09-26  4:44 ` Christopher Nielsen
2001-09-26  4:50   ` David Arnold
2001-09-26  9:01   ` Boyd Roberts
2001-09-26  1:48 okamoto
2001-09-26  2:44 ` david presotto
2001-09-26  1:34 presotto
2001-09-26  1:26 okamoto
2001-09-25 14:29 forsyth
2001-09-25 14:19 rob pike
2001-09-26 15:44 ` Dan Cross
2001-09-25  2:07 presotto
2001-09-24 22:46 rob pike
2001-09-25  8:36 ` Andrew Simmons
2001-09-24  9:17 Fco.J.Ballesteros
2001-09-21 16:11 Fco.J.Ballesteros
2001-09-21 15:29 anothy
2001-09-21 16:03 ` Dan Cross
2001-09-21 14:54 Fco.J.Ballesteros
2001-09-21 13:37 ` Lucio De Re
2001-09-21 14:29 Sape Mullender
2001-09-21 14:26 jmk
2001-09-21 16:25 ` suspect
2001-09-21 14:04 Andrew Simmons
2001-09-21 14:25 ` andrey mirtchovski
2001-09-21 14:29   ` Ronald G Minnich
2001-09-21 15:16   ` Scott Schwartz
2001-09-21 14:28 ` Ronald G Minnich
2001-09-24  8:51   ` Andrew Simmons
2001-09-24 16:25     ` Boyd Roberts
2001-09-24 22:43       ` George Michaelson
2001-09-24 22:54         ` Boyd Roberts
2001-09-25  0:37           ` George Michaelson
2001-09-25  0:39             ` Boyd Roberts
2001-09-25  0:55               ` George Michaelson
2001-09-25  1:00                 ` Boyd Roberts
2001-09-25  0:42             ` Boyd Roberts
2001-09-25  0:56               ` George Michaelson
2001-09-25  1:00                 ` Boyd Roberts
2001-09-25  1:23                   ` Scott Schwartz
2001-09-25  2:27                     ` Dan Cross
2001-09-25  2:31                       ` Boyd Roberts
2001-09-25  2:12                   ` Dan Cross
2001-09-25  2:32                     ` William Josephson
2001-10-01  9:51     ` Mike Warner
2001-09-21 14:33 ` Alexander Viro

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20010925134207.32235199E9@mail.cse.psu.edu \
    --to=presotto@plan9.bell-labs.com \
    --cc=9fans@cse.psu.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).