
To: Allan Latham <alatham,AT,flexsys-group,DOT,com>
Subject: Re: Feature: Using just one port
From: "Eric M. Hopper" <hopper,AT,omnifarious,DOT,org>
Date: 18 Jun 2003 12:23:55 -0500
Cc: cipe-l,AT,inka,DOT,de
In-reply-to: <200306172057.20254.alatham@flexsys-group.com>
Organization: Omnifarious Software
References: <200306171603.55702.alatham@flexsys-group.com> <1055866005.23869.15.camel@monster.omnifarious.org> <200306172057.20254.alatham@flexsys-group.com>

On Tue, 2003-06-17 at 13:57, Allan Latham wrote:
> Hi Eric
> 
> the plan calls for the remotes to be direct on the internet but there's
> always a risk that someone will want the remote behind a NAT firewall. Most NAT
> firewalls seem to keep the original port if it doesn't conflict with existing
> connections but of course one can't rely on that!
> 
> The only alternative to this scheme I could come up with was to put the
> original port in plaintext ahead of the cipe payload in the udp packet. It's
> not intended to interwork with "standard" cipe installations so that might be
> an easier way. And it's NAT safe!

Yes, that would work, and be no less secure than using the peer port #.
To be extra secure, you'd want that value to be MACed along with the
encrypted portions of the message.  Both of those schemes permit traffic
analysis based on always being able to identify which parties are
speaking in any given packet.  The remote stations could be assigned
numbers by a traffic analyzer, and a remote station could always be
associated with a number, no matter where it was.

To prevent that (and be more efficient), you'd want to make some
significant changes to the protocol to securely negotiate the station's
identity whenever it started sending packets from a different
place.  Then, no further packets would have to contain the station's
identity, and the station's identity would not be able to be directly
determined from examining packets.

I haven't studied PKCipe much.  It may do this.

Have fun (if at all possible),
-- 
The best we can hope for concerning the people at large is that they
be properly armed.  -- Alexander Hamilton
-- Eric Hopper (hopper,AT,omnifarious,DOT,org http://www.omnifarious.org/~hopper) --
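
An added example, not from this thread and not CIPE's actual wire format, of the framing discussed above: the original port sent in plaintext ahead of the encrypted payload, with a MAC covering both so that a rewritten port header is rejected instead of being trusted. The 2-byte header layout, the truncated HMAC-SHA256 tag, the key and the payload bytes are all assumptions constructed for the example.

```python
import hmac
import hashlib
import struct

# Assumed framing (constructed for this example, not CIPE's real format):
#   [2-byte big-endian original port][encrypted payload][16-byte tag]
# The tag is HMAC-SHA256 over header || ciphertext, truncated to 16 bytes.
TAG_LEN = 16
HDR = struct.Struct("!H")


def build_packet(mac_key: bytes, orig_port: int, ciphertext: bytes) -> bytes:
    """Frame an already-encrypted payload with the plaintext port and
    authenticate the port together with the ciphertext."""
    header = HDR.pack(orig_port)
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    return header + ciphertext + tag


def parse_packet(mac_key: bytes, packet: bytes):
    """Return (orig_port, ciphertext) if the tag verifies, otherwise None.

    The port is only used after the MAC check, so a header rewritten in
    transit cannot steer the peer's replies to a port the sender never chose.
    """
    if len(packet) < HDR.size + TAG_LEN:
        return None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    (orig_port,) = HDR.unpack(body[:HDR.size])
    return orig_port, body[HDR.size:]


if __name__ == "__main__":
    key = b"constructed-shared-mac-key"                # constructed sample key
    ct = b"\x9a\x11\x7f\x03opaque-cipe-ciphertext"     # constructed opaque payload
    pkt = build_packet(key, 9000, ct)
    assert parse_packet(key, pkt) == (9000, ct)
    # A header rewritten on the path (NAT or otherwise) fails verification.
    rewritten = HDR.pack(1234) + pkt[HDR.size:]
    assert parse_packet(key, rewritten) is None
    print("ok")
```

Note that the plaintext port remains a stable, visible identifier on every packet, which is exactly the traffic-analysis exposure Eric points out; the MAC protects integrity, not the station's anonymity.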
