On Thu, Jul 13, 2017 at 6:54 PM, Dave Crocker <dhc@xxxxxxxxxxxx> wrote:
On 7/12/2017 8:55 PM, Randy Bush wrote:
> defense in depth. you do what you can on every link and layer.
The problem with a generic cliche like defense in depth is that there is not way to judge what's meaningful and useful and what isn't. Obviously there is defense in depth if I run two anti-virus applications rather than only one? Oh... there isn't?
And the idea that it's best to do what you can at every layer presumably means that we need to put checksums back into IPv6?
On the other hand, the basic question of whether one is /positive/ that all activity is protected by TLS is worth considering (though such coverage was the premise to my original query.)
Defense in depth is ambiguous, I agree. But it is not bogus. End to end is also ambiguous as ideas on where the ends are differ.
For the Mesh protocols, I use a Triple Lock approach. which I have not finished writing up on. The idea is that we apply crypto at three different layers to achieve different effects.
1) Transport Layer: Confidentiality gives us protection against traffic analysis.
2) Session Layer: HTTP Web Service packets are authenticated with keys negotiated at the application layer. This provides for transaction isolation (no injection attacks) and authentication.
3) Data Level Signature: For non repudiation.
Although encryption is only mandated for every interaction at the first layer, it is usually applied at 2 and often required at 3 as well.