LACNIC Internet Community Newsletter
Doing Business Securely in an Insecure World
by Randy Bush
The Net is a Dangerous Place But We Can Do Things Safely
Twenty years ago, it was considered rude to have a UNIX machine on the net which did not offer a password-less account with the name ‘guest’ so that any passer-bye could use it. People with ten years or less experience do not believe me when I tell this to them.
Times have certainly changed. The net is a much less secure place. In an environment where attacks are continuing events, where operating system and application vulnerabilities are discovered daily, where bot-nets of 100,000 zombies attack, we still conduct financial and other private transactions worth billions of dollars.
How is this? Basically, we have deployed tools and protocols which enable secure transactions in an insecure world. This is a similar philosophy to that where we have built a reliable network from a set of unreliable components; circuits fail, equipment has errors, etc. But the packets route around the failures. What are the successful protocols/tools?
Secure Sockets Layer / Transport Layer Security (SSL/TLS)
One would not consider sending credit card or other personal data over an unencrypted link. Encrypted and usually authenticated browsing, e.g. https as opposed to http, are the base on which almost all internet commerce is founded. Even when the transaction is not using a browser, TLS, the new name for SSL (so that the IVTF could make a ‘contribution’), is used underneath most client/server exchanges.
Can you imagine telnetting to a remote system today? The resulting exposure to attack, password interception, etc. has made telnet a thing of the distant past, along with rsh, rcp, etc.
The SSH protocol and tool-set, and SSHv2 in particular, now dominate this niche.
VPN technology allows safe deep business transactions with branch offices, trusted vendors, traveling employees, telecommuters, etc. IPSec in particular provides not just seemingly private channels, but encrypts the data flowing over those channels, which MPLS, ATM, etc. do not. Circuit emulators such as MPLS and ATM are vulnerable to tapping, aside from being topologically fragile; they are VNs not VPNs.
Pretty Good Privacy (PGP)
PGP allows us to exchange signed and strongly encrypted email where the content is non-repudiable, i.e. the sender can not claim that they did not send it. PGP can also be used to encrypt files on one’s hard drive. This free tool is so powerful that the US Government tried to suppress its export even more than their normal efforts.
It is also worth noting that trust in PGP is non-hierarchic; i.e. there is no central authority. PGP entities attest to each other’s identities in a ‘web of trust’ as opposed to a hierarchy. So it is quite decentralized, immune to compromise of ‘root trust anchors,’ etc.
X.509 certificates and the public key infrastructure to support them are used in browser authentication. The problem here is that, as they are totally hierarchic, they are as reliable as the Certifying Authority (CA) which issues them; and the commercial CAs which issue certificates have little financial incentive to really validate identity. There have been notable compromises of the X.509 certificate hierarchy.
Use of X.509 certificates for attesting to IP Address Space ownership will start coming into use at the RIRs and ISPs in 2008.
There is a second, far less used, email signing method which is used to some extent in the corporate world. Its function is similar to that of PGP, but it relies on an X.509 certificate hierarchy.
There are free, open source, tool-kits for all of the above. And they are incorporated in browsers, email packages, etc.
This is not to say that there are no security issues on the Internet. Certainly:
are all very real and are serious problems. But, thanks to the good folk who gave us the protocols and tools I listed above, and the applications which use them, we can walk safely through a dangerous city.
Again, as we can build a reliable Internet out of unreliable components, we can build secure applications and services which work well in today’s highly insecure environment. This is a big win.