On Apr 10, 2007, at 6:50 PM, Craig Wright wrote:
> Please demonstrate your hypothetical controls. Stating your hypothesis
> in an untestable way does nothing to further the argument.
Control:
Limiting access to a potentially vulnerable daemon by 99.9% of the
Internet population. So legitimate users are allowed in without
issue, while nobody else on the Internet even knows a daemon exists.
Cost:
Configure your firewall device to handle PK or SPA and deploy the
augmented client.
--
In my view this is a big win for the organization if the technologies
can be used. Not all infrastructures support PK or SPA technology
yet, but one can imagine them being used for VPNs and a number of
other applications.
But that isn't even the point: the point is that just because
obscurity is used as part of the total approach does NOT mean the
system is somehow weakened. Kerckhoffs' principle applies when
security RESTS on secrecy, not when it's added as a layer on top of
existing systems.
As an example, suppose you have a tested VPN system that gave, say, 7
points of security (lame, but bear with me), and you then added a
layer of obscurity on top of it that gave an additional 2 points;
you'd have a total of 9. Well, if you have a compromise to your
obscurity of said system, what would you fall back to?
4?
2?
No -- 5.
5 is what you started with WITHOUT the layer, so you can't fall below
that. This is true simply because the two layers are independent of
each other. We're not talking about a cryptographic algorithm where
the scrutiny of the algorithm is PART of the security itself.
In this case we're building a completely isolated and independent
layer, and as such Kerckhoffs' principle does not apply. Again, 5 +
2 - 2 = 5, not less than 5.
--
Daniel Miessler
E: daniel_at_dmiessler.com
W: http://dmiessler.com
G: 0xDA6D50EAC
Received on Apr 11 2007
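The control described in the message above, as an added illustration that is not code from this thread or from any particular port-knocking or SPA implementation: a minimal single-packet-authorization gate in front of a daemon. The firewall-side verifier only opens access for a source that presents a fresh, HMAC-authenticated packet; anything else is dropped without a reply, so the daemon stays invisible to everyone who does not hold the key. The key, packet layout, time window and client id are constructed assumptions, and the daemon's own authentication still applies to anyone the gate lets through.

```python
import hashlib
import hmac
import os
import struct
import time
from typing import Optional

# Constructed demo key; in practice it is provisioned to each client out of band.
SPA_KEY = b"demo-shared-secret-not-for-production"
WINDOW_SECONDS = 30  # how far a packet's timestamp may drift from the gate's clock


def build_spa_packet(key: bytes, client_id: bytes, now: Optional[float] = None,
                     nonce: Optional[bytes] = None) -> bytes:
    """Client side: one datagram = client_id(16) || timestamp(8) || nonce(16) || HMAC-SHA256(32)."""
    ts = int(now if now is not None else time.time())
    nonce = nonce or os.urandom(16)
    body = client_id.ljust(16, b"\0")[:16] + struct.pack(">Q", ts) + nonce
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class SpaGate:
    """Firewall-side verifier: decides whether a source may reach the daemon at all."""

    def __init__(self, key: bytes, window: int = WINDOW_SECONDS):
        self.key = key
        self.window = window
        self.seen_nonces: set = set()  # replay cache (bounded/expired in a real deployment)
        self.allowed: set = set()      # sources that earned a temporary accept rule

    def verify(self, packet: bytes, src_ip: str, now: Optional[float] = None) -> bool:
        if len(packet) != 16 + 8 + 16 + 32:
            return False  # malformed: drop silently, never answer
        body, tag = packet[:40], packet[40:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # wrong or unknown key: no response, daemon stays hidden
        ts = struct.unpack(">Q", body[16:24])[0]
        nonce = body[24:40]
        current = int(now if now is not None else time.time())
        if abs(current - ts) > self.window:
            return False  # stale: a captured packet is useless after the window
        if nonce in self.seen_nonces:
            return False  # replay of an earlier valid packet
        self.seen_nonces.add(nonce)
        self.allowed.add(src_ip)  # here a real gate would insert a short-lived firewall rule
        return True

    def may_connect(self, src_ip: str) -> bool:
        """Only sources that passed SPA ever see the daemon; its own login still follows."""
        return src_ip in self.allowed
```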