On 4 Apr 2015, at 19:24, Hans Petter Selasky <h...@selasky.org> wrote:

> The IPv4 protocol was intentionally designed to be such, that in any ways 
> trying to make it more secure, will require additional CPU overhead, like 
> keeping track of 2-tuples for generating per-stream IP IDs, that it will not 
> be feasible in practice and then vendors will do insecure implementations 
> instead of secure implementations to get the needed performance. The IP ID 
> field was then intentionally designed to be too small, 16-bit. If Snowden 
> leaks documents on this, would for sure confirm this claim.

Remember that TCP/IP is a product of 1980s computer architecture and 
communication technologies. While it's true that a number of the key design 
decisions from that period are suited for very different problems than we face 
today (e.g., a real concern with global passive adversaries), they were also 
working with far more limited communications speeds, processor speeds, and 
memory sizes. Although I wasn't there myself, you have to suspect that some 
folk involved felt that 16 bits was far too much when prevailing communication 
speeds were <9,600bps.

More generally, though, the covert channel problem is actually a fundamental 
one to the design of computer systems, and in the territory of "we just don't 
know how to engineer solutions to this problem in a scalable way" still. Maybe 
another 10-20 years will fix that, especially with formal techniques becoming 
more viable. In the end, I think that does need to the approach due to 
weakest-link concerns in security. The good news is that formal methods are 
starting to become viable at scale, so there is real hope in that regard (I 
believe, anyway).

I think there is real, interesting, and immediate work to do in improving our 
IP ID implementation though, which will have substantial performance and 
functionality benefits, along with the side effect of reducing the impact of 
the covert channel you've raised, though. Hopefully that's something we can 
sort out in the next few months since it will help with contention issues such 
as the one raised.

Robert

> 
> OK, Robert, I fully understand and will not touch this issue any more before 
> my head gets cut off :-) I appreciate your openness and willingness to share 
> information on this issue. You know the IPv4 history even before I came to 
> this world.
> 
> --HPS

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Reply via email to