On 4 Apr 2015, at 19:24, Hans Petter Selasky <h...@selasky.org> wrote:
> The IPv4 protocol was intentionally designed to be such, that in any ways > trying to make it more secure, will require additional CPU overhead, like > keeping track of 2-tuples for generating per-stream IP IDs, that it will not > be feasible in practice and then vendors will do insecure implementations > instead of secure implementations to get the needed performance. The IP ID > field was then intentionally designed to be too small, 16-bit. If Snowden > leaks documents on this, would for sure confirm this claim. Remember that TCP/IP is a product of 1980s computer architecture and communication technologies. While it's true that a number of the key design decisions from that period are suited for very different problems than we face today (e.g., a real concern with global passive adversaries), they were also working with far more limited communications speeds, processor speeds, and memory sizes. Although I wasn't there myself, you have to suspect that some folk involved felt that 16 bits was far too much when prevailing communication speeds were <9,600bps. More generally, though, the covert channel problem is actually a fundamental one to the design of computer systems, and in the territory of "we just don't know how to engineer solutions to this problem in a scalable way" still. Maybe another 10-20 years will fix that, especially with formal techniques becoming more viable. In the end, I think that does need to the approach due to weakest-link concerns in security. The good news is that formal methods are starting to become viable at scale, so there is real hope in that regard (I believe, anyway). I think there is real, interesting, and immediate work to do in improving our IP ID implementation though, which will have substantial performance and functionality benefits, along with the side effect of reducing the impact of the covert channel you've raised, though. Hopefully that's something we can sort out in the next few months since it will help with contention issues such as the one raised. Robert > > OK, Robert, I fully understand and will not touch this issue any more before > my head gets cut off :-) I appreciate your openness and willingness to share > information on this issue. You know the IPv4 history even before I came to > this world. > > --HPS _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
