Network Protocols: Myths, Missteps, and Mysteries

Network Protocols
• A lot of what we all “know”….is not true!!

How networking tends to be taught
• Memorize these standards documents, or the arcane details of some implementation that got deployed
• Nothing else ever existed
  – Except possibly to make vague, nontechnical, snide comments about other stuff

My philosophy on teaching (and books)
• Look at each conceptual problem, like how to autoconfigure an address
• Talk about a bunch of approaches to that, with tradeoffs
• Then mention how various protocols (e.g., IPv4, IPv6, Appletalk, IPX, DECnet, …) solve it

But some professors say…
• Why is there stuff in here that my students don’t “need to know”?

Standards…

Things are so confusing
• Comparing technology A vs B
  – Nobody knows both of them
  – Somebody mumbles some vague marketing thing, and everyone repeats it
  – Both A and B are moving targets

Standards Bodies…

What about “facts”?
• What if you measure A vs B?
• What are you actually measuring?...one implementation of A vs one implementation of B
• So don’t believe something unless you can figure out a plausible property of the two protocols that would make that true

Buzzwords
• Useful for impressing customers
• They don’t necessarily mean anything.
• They traumatize most engineers
• People who are sure they know the definition disagree, so…
• Be way more specific when talking between engineers, or when thinking about a problem

Think Critically
• Don’t believe everything you hear
  – Or even read in textbooks
• Don’t repeat things you don’t understand!

This field is really confusing
• “Common knowledge”
  – Need IP+Ethernet because IP is “layer 3” and Ethernet is “layer 2”
  – Security is built into IPv6, but is just an add-on to IPv4
  – SDN is revolutionary stuff

An example of something confusing

The story of Ethernet
• What is Ethernet?
• How does it compare/work with IP?
• People talk about “layer 2 solutions” vs “layer 3 solutions”. What’s that about?

So, first we need to review network “layers”
• ISO credited with naming the layers
• They defined 7 layers
• It’s just a way of thinking about networks

Perlman’s View of ISO Layers
• 1: Physical
• 2: Data link: (neighbor to neighbor)
• 3: Network: create path, forward data (e.g., IP)
• 4: Transport: end-to-end (e.g., TCP, UDP)
• 5 and above: …. boring

So…why are we forwarding Ethernet packets?
• Ethernet was intended to be layer 2
• Just between neighbors – not forwarded
• What exactly is Ethernet?
• No way to understand it without seeing the history

Back then…
• I was the designer of layer 3 of DECnet
  – the routing protocol I designed was adopted by ISO and renamed IS-IS
• Layer 3 calculates paths, and forwards packets
• Layer 2 just marked beginning and end of packet, and checksum (links between two nodes)

Router/Bridge/Switch
[Figure: a packet arriving at a router/switch with its forwarding table]

Computing the Forwarding Table
• Could be done with a central node
  – ATM, Infiniband, …
• Or with a distributed algorithm

Distributed Routing Algorithms

Distributed Routing Protocols
• Routers exchange info
• Use it to calculate forwarding table

[Figure: network of seven nodes, A to G, with link costs. Each node’s neighbor/cost list:]
A: B/6 D/2
B: A/6 C/2 E/1
C: B/2 F/2 G/5
D: A/2 E/2
E: B/1 D/2 F/4
F: C/2 E/4 G/1
G: C/5 F/1
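
How a router turns the neighbor/cost lists above into a forwarding table, as an added example that is not part of the original slides: Dijkstra's shortest-path computation over the slide's database. The function names are hypothetical, and the rule that a link counts only when both ends report it is an assumption of this example.

```python
import heapq

# Link-state database copied from the slide: node -> {neighbor: cost}.
LSDB = {
    "A": {"B": 6, "D": 2},
    "B": {"A": 6, "C": 2, "E": 1},
    "C": {"B": 2, "F": 2, "G": 5},
    "D": {"A": 2, "E": 2},
    "E": {"B": 1, "D": 2, "F": 4},
    "F": {"C": 2, "E": 4, "G": 1},
    "G": {"C": 5, "F": 1},
}


def usable_links(lsdb):
    """Keep a link only if both ends report it (two-way check).

    A one-sided or stale advertisement therefore never enters the
    path computation.
    """
    graph = {node: {} for node in lsdb}
    for node, neighbors in lsdb.items():
        for nbr, cost in neighbors.items():
            if node in lsdb.get(nbr, {}):
                graph[node][nbr] = cost
    return graph


def forwarding_table(lsdb, source):
    """Return {destination: (next_hop, total_cost)} as seen from source."""
    graph = usable_links(lsdb)
    dist = {source: 0}
    first_hop = {}
    heap = [(0, source, None)]      # (cost so far, node, first hop used)
    done = set()
    while heap:
        cost, node, hop = heapq.heappop(heap)
        if node in done:
            continue                # a cheaper path to node was already fixed
        done.add(node)
        if hop is not None:
            first_hop[node] = hop
        for nbr, link_cost in graph[node].items():
            new_cost = cost + link_cost
            if nbr not in done and new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                # Leaving the source, the first hop is the neighbor itself.
                heapq.heappush(heap, (new_cost, nbr, hop if hop else nbr))
    return {dst: (first_hop[dst], dist[dst]) for dst in sorted(first_hop)}


if __name__ == "__main__":
    for node in ("A", "E"):
        print(node, forwarding_table(LSDB, node))
```

From A, every destination is reached through D: the direct A to B link (cost 6) loses to the path A, D, E, B (cost 5).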

Back to history
• I was doing layer 3
• Then along came Ethernet

Original Ethernet
• CSMA/CD…shared bus, peers, no master
  – CS: carrier sense (don’t interrupt)
  – MA: multiple access (you’re sharing the air!)
  – CD: listen while talking, for collision
• Lots of papers about goodput under load only about 60% or so because of collisions
• Limited in # of nodes (maybe 1000), distance (kilometer or so)

I saw Ethernet as a new type of link
• I had to modify the routing protocol to accommodate this type of link
• For instance, the concept of “pseudonodes” and “designated routers” so that instead of n² links, it’s n links with n+1 nodes

Pseudonodes
[Figure: two diagrams, labelled “Instead of:” and “Use pseudonode”]

But Ethernet was a link in a network, not a network
• I wish they’d called it “Etherlink”

Ethernet packet
[Figure: packet with fields labelled data, dest, source]

Layer 3 Packet
[Figure: packet with fields labelled data, dest, source, hop cnt]

It’s easy to confuse Ethernet with layer 3
• It looks sort of the same
• No hop count field…
• Flat addresses (no way to summarize a bunch of addresses in a forwarding table)
• But it never occurred to the Ethernet inventors that anyone would be forwarding an Ethernet packet

So…why are we forwarding Ethernet packets?

How Ethernet evolved from CSMA/CD to spanning tree
• People got confused, and thought Ethernet was a network (layer 3) instead of a link (layer 2)
• Built apps on Ethernet, with no layer 3
• Router can’t forward without the right envelope
• I tried to argue…

Problem Statement (from about 1983)
Need something that will sit between two Ethernets, and let a station on one Ethernet talk to another
[Figure: stations A and C]
Without modifying the endnode, or Ethernet packet, in any way!

Basic concept
[Figure: labels A, C, D, E, X, J, and “X,C” / “A”]
Listen promiscuously
Forward on other ports, based on learned (source, port)

How about require physical tree topology?
• What about miscabling?
• What about backup paths?
• So…spanning tree algorithm
  – Allowing any physical topology
  – Pruning to a loop-free topology for sending data
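
The learn-and-forward rule from the “Basic concept” slide, and why a loop cannot be tolerated, as an added example that is not part of the original slides: with no hop count in the frame, parallel bridges keep re-forwarding every copy they hear. The class, the function and both topologies are constructed for illustration.

```python
class LearningBridge:
    """Transparent bridge: learns (source, port), forwards on other ports."""

    def __init__(self, name, ports):
        self.name = name
        self.ports = ports      # port number -> LAN name
        self.table = {}         # station address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Handle one frame heard on in_port; return the ports to forward on."""
        self.table[src] = in_port                    # learn where src lives
        out = self.table.get(dst)
        if out is None:                              # unknown destination: flood
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]       # same side: filter


def simulate(bridges, first_lan, src, dst, max_rounds):
    """Inject one frame on first_lan; return copies transmitted per round.

    A frame in flight is (lan, sender); every bridge on that LAN except the
    sender hears it. The frame carries no hop count, so nothing in the frame
    itself ever stops a copy from being forwarded again.
    """
    in_flight = [(first_lan, None)]
    per_round = []
    for _ in range(max_rounds):
        next_flight = []
        for lan, sender in in_flight:
            for bridge in bridges:
                if bridge is sender:
                    continue
                for port, attached in bridge.ports.items():
                    if attached == lan:
                        for out in bridge.receive(port, src, dst):
                            next_flight.append((bridge.ports[out], bridge))
        if not next_flight:
            break                                    # traffic died out
        per_round.append(len(next_flight))
        in_flight = next_flight
    return per_round


def one_bridge():
    """Loop-free case: a single bridge between LAN1 and LAN2."""
    return [LearningBridge("B1", {1: "LAN1", 2: "LAN2"})]


def three_parallel_bridges():
    """Constructed miscabling: three bridges all joining the same two LANs."""
    return [LearningBridge(n, {1: "LAN1", 2: "LAN2"})
            for n in ("B1", "B2", "B3")]


if __name__ == "__main__":
    # Station A (on LAN1) sends to C, which no bridge has heard from yet.
    print("one bridge:     ", simulate(one_bridge(), "LAN1", "A", "C", 6))
    looped = three_parallel_bridges()
    print("three in a loop:", simulate(looped, "LAN1", "A", "C", 6))
    print("B1 now thinks A is on port", looped[0].table["A"])
```

In the looped case the copies double every round and each bridge ends up with A learned on the wrong port, which is the behavior the spanning tree exists to prevent.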

[Figure: Physical Topology. A mesh of nodes numbered 9, 3, 4, 11, 7, 10, 14, 2, 5, 6, with A and X marked]

[Figure: Pruned to Tree. The same nodes after pruning]

Algorhyme

I think that I shall never see
A graph more lovely than a tree.

A tree whose crucial property
Is loop-free connectivity.

A tree which must be sure to span
So packets can reach every LAN.

First the root must be selected,
By ID it is elected.

Least cost paths from root are traced,
In the tree these paths are placed.

A mesh is made by folks like me.
Then bridges find a spanning tree.

Radia Perlman
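
The election the poem describes, as an added example that is not part of the original slides: every bridge starts out claiming to be root, bridges repeatedly exchange their best claim, and each keeps only its least-cost link toward the lowest ID. Assumptions: bridges are joined by point-to-point links rather than shared LANs, the mesh and its costs are constructed, and the function name is hypothetical.

```python
def spanning_tree(links):
    """Elect a root and prune a mesh of bridges to a loop-free tree.

    links maps (bridge_id, bridge_id) -> positive link cost.
    Returns (root_id, parent, blocked): parent[b] is b's neighbor toward the
    root, blocked is the sorted list of links left out of the tree.
    """
    neighbors = {}
    for (a, b), cost in links.items():
        neighbors.setdefault(a, {})[b] = cost
        neighbors.setdefault(b, {})[a] = cost

    # A belief is (root ID, cost to that root, neighbor used to reach it).
    # Tuples compare left to right, so "better" means: lower root ID, then
    # lower cost, then lower neighbor ID as the tie-breaker.
    belief = {b: (b, 0, b) for b in neighbors}    # everyone starts as root

    while True:
        heard = dict(belief)        # what each bridge announced last round
        for bridge, nbrs in neighbors.items():
            best = (bridge, 0, bridge)            # own claim to be root
            for nbr, cost in nbrs.items():
                root, root_cost, _ = heard[nbr]
                best = min(best, (root, root_cost + cost, nbr))
            belief[bridge] = best
        if belief == heard:         # nobody changed their mind: converged
            break

    root = min(neighbors)
    parent = {b: via for b, (_, _, via) in belief.items() if b != root}
    tree = {tuple(sorted((b, p))) for b, p in parent.items()}
    blocked = sorted({tuple(sorted(link)) for link in links} - tree)
    return root, parent, blocked


# Constructed mesh of six bridges (IDs are arbitrary) with link costs.
MESH = {
    (2, 5): 1, (2, 7): 1, (5, 7): 1, (7, 3): 2,
    (7, 4): 1, (3, 4): 1, (3, 9): 1, (4, 9): 3,
}


def without(links, link):
    """Same mesh with one link failed."""
    return {k: v for k, v in links.items() if tuple(sorted(k)) != link}


if __name__ == "__main__":
    print(spanning_tree(MESH))
    # Fail the root's link to bridge 7: the blocked backup link 5-7 takes over.
    print(spanning_tree(without(MESH, (2, 7))))
```

Six bridges keep five links and block three; when link 2-7 fails, the recomputed tree brings the previously blocked link 5-7 into service, which answers the “backup paths” question on the earlier slide.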

Bother with spanning tree?
• Maybe just tell customers “don’t do loops”
• First bridge sold...

First Bridge Sold
[Figure: stations A and C]

CSMA/CD died long ago
• A variant is used on wireless links
• But wired Ethernet quickly became pt-to-pt links, and spanning tree
• So “Ethernet” today has nothing to do with all the papers about CSMA/CD

Rant: New words for no reason

Switches
• One day I was told “Nobody cares about bridges anymore…the new thing is switches”
• OK…what’s a switch?
  – More ports?
  – Faster?
  – In hardware?

Why not get rid of Ethernet and use only IP?
• Original problem: no layer 3 in the network stack, and multiple layer 3 protocols (IP, Appletalk, IPX, DECnet)
• World has converged to IP as layer 3, and it’s in the network stacks

Why not get rid of Ethernet and use only IP?
• Just put your data in a layer 3 envelope!
• Hook entire network together with layer 3
• On a point-to-point link, you don’t need 6-byte layer 2 addresses…you don’t need any layer 2 addresses!
• Problem: an annoying property of IP

What’s wrong with IP?
• IP protocol requires every link to have a unique block of addresses
• Routers need to be configured with which addresses are on which ports
• If something moves, its IP address changes

Layer 3 doesn’t have to work that way!
• CLNP / DECnet...20 byte address
  – Bottom level of routing is a whole cloud with the same 14-byte prefix
  – Routing is to 6 byte ID inside the cloud
  – Enabled by “ES-IS” protocol, where endnodes periodically announce themselves to the routers
[Figure: address layout. 14 bytes: prefix shared by all nodes in large cloud; 6 bytes: endnode ID]

[Figure: “IP Plus Ethernet” beside “CLNP”. Labels: Ethernet; IP gets you to Ethernet “link”; Need to do ARP to get Ethernet address; Bottom 6 bytes of CLNP; Top 14 bytes of CLNP address gets you to “cloud”; True layer 3 routing inside final circle; CSMA/CD? Spanning tree? TRILL?]

[Figure: Hierarchy. One prefix per link (like IP) beside one prefix per campus (like CLNP), with prefixes 2*, 25*, 28*, 292*, 22*, 293*, 2*]

Worst decision ever
• 1992…Internet could have adopted CLNP
• Easier to move to a new layer 3 back then
  – Internet smaller
  – Not so mission critical
  – IP hadn’t yet (out of necessity) invented DHCP, NAT, so CLNP gave understandable advantages
• CLNP was deployed by all the vendors, TCP easily modified to run over CLNP
• IPv6 still not better than CLNP! (IPv6 also routes to a link, so will require Ethernet clouds, and ARP-like thing)

Somewhat neglected research areas
• Resilience despite malicious participants
• Usability

Malicious Participants
• All sorts of things can be subverted with a small number of malicious participants
  – “How a Lone Hacker Shredded the Myth of Crowdsourcing”
    • https://medium.com/backchannel/how-a-lone-hacker-shredded-the-myth-of-crowdsourcing-d9d0534f1731
• Things that shouldn’t work (but seem to): wikipedia, ebay

Defense against malicious participants
• Problems and solutions are really diverse
• Three things I’ve looked at
  – PKI models that limit damage from a malicious CA
  – Network that guarantees A and B can talk provided there is at least one honest path between them (my thesis)
  – Reliable expiration of data

But with limited time, I can only talk about one or two
• I’ll be around in the next couple of days if you want to hear about the others

What’s a PKI?
• A way for Alice to securely know Bob’s public key • If Alice knows Bob’s public key, he can authenticate • It involves a trusted third party known as a CA
(certification authority) that signs a document saying “I certify that 279284792837298 is Bob’s public key”
• Bob might send cert(s) to Alice, or Alice might retrieve them from a directory
70
![Page 71: Network Protocols: Myths, Missteps, and Mysteries · Buzzwords • Useful for impressing customers • They don’t necessarily mean anything. • They traumatize most engineers •](https://reader036.vdocument.in/reader036/viewer/2022081517/5fd85b6f7b255768153b6cfe/html5/thumbnails/71.jpg)
PKI Models
• Monopoly • Oligarchy • Anarchy • Bottom-up
![Page 72: Network Protocols: Myths, Missteps, and Mysteries · Buzzwords • Useful for impressing customers • They don’t necessarily mean anything. • They traumatize most engineers •](https://reader036.vdocument.in/reader036/viewer/2022081517/5fd85b6f7b255768153b6cfe/html5/thumbnails/72.jpg)
Monopoly
• Choose one universally trusted organization • Embed their public key in everything that
needs to verify certificates • Make everyone get certificates from them • Simple to understand and implement
Monopoly: What’s wrong with this model?
• Monopoly pricing
• Getting certificate from remote organization will be insecure or expensive (or both)
• More widely it’s deployed, harder to change the CA key to switch to a different CA
• That one organization can impersonate everyone
Oligarchy of CAs
• Come configured with 100 or so trusted CA public keys
• Usually, can add or delete from that set
• Eliminates monopoly pricing
What’s wrong with oligarchy?
• Less secure!
  – Any of those organizations can impersonate anyone
Certificate Chains
• Allow configured CAs to issue certs for other public keys to be trusted CAs
• Configured CAs: “trust anchors”
• Accept chain of certs
  – Alice configured to trust X1
  – Bob has chain
    • “X1 says this is X2’s key”
    • “X2 says this is X3’s key”
    • “X3 says this is Bob’s key”
Anarchy
• User personally configures trust anchors
• Anyone signs certificate for anyone else
• Public databases of certs (read and write)
• Problems
  – won’t scale (too many certs, computationally too difficult to find path)
  – no practical way to tell if path should be trusted
  – (more or less) anyone can impersonate anyone
Now getting to recommended model
• CA trust isn’t binary: “trusted” or “not”
• CA only trusted for a portion of the namespace
  – The name by which you know me implies who you trust to certify my key
    • Radia.perlman.emc.com
    • Roadrunner279.socialnetworksite.com
    • Creditcard#8495839.bigbank.com
  – Whether they are the same carbon-based life form is irrelevant
Need hierarchical name space
• Yup! We have it (DNS)
• Each node in namespace represents a CA
Top-down model
• Everyone configured with root key
• Easy to find someone’s public key (just follow namespace)
• Problems:
  – Still monopoly at root
  – Root can impersonate everyone
Bottom-Up Model (what I recommend)
• Each arc in name tree has parent certificate (up) and child certificate (down)
Within an organization
[Figure: name tree with abc.com at the top and nj.abc.com and ma.abc.com below it]
Need cross-certificates
• Cross-cert: Any node can certify any other node’s key
  – So you don’t have to wait for PKI for whole world to be created first
  – Can bypass hierarchy for extra security
Cross-links to connect two organizations
[Figure: the name trees of abc.com and xyz.com, connected by a cross-link]
Cross-link for added security
[Figure: abc.com and xyz.com shown together with the root, with a cross-link between the two organizations]
Note: Crosslinks do not create anarchy model
• You only follow a cross-link if it leads to an ancestor of target name
Advantages of Bottom-Up
• For organization, no need to pay for certificates
• Security within your organization is controlled by your organization
• No single compromised key requires massive reconfiguration
• Easy to compute paths; trust policy is natural, and makes sense
• Malicious CAs can be bypassed, and damage contained
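The path rule from the bottom-up slides (go up from your own CA, follow a cross-link only if it leads to an ancestor of the target name, then go down) can be written as a short path builder. This is an added illustration, not code from the talk; the data model (`up_certs`, `cross_certs`), the function names, and the names `partner.example` and `other.org` are assumptions, and child certificates are assumed to exist for every arc.

```python
def key(name):
    """'nj.abc.com' -> ('com', 'abc', 'nj'): root-first labels, so ancestry is a prefix test."""
    return tuple(reversed(name.split("."))) if name else ()

def show(k):
    return ".".join(reversed(k)) or "<root>"

def is_ancestor(a, t):
    """True if CA node `a` is `t` itself or lies above it in the name tree."""
    return t[:len(a)] == a

def build_path(anchor, target, up_certs, cross_certs):
    """Certificate path from the verifier's own CA (`anchor`) to `target`, or None.

    up_certs:    nodes that hold a parent certificate (assumed data model)
    cross_certs: issuer node -> set of nodes it has cross-certified
    Child (down) certificates are assumed to exist for every arc of the tree.
    """
    node, goal, path = key(anchor), key(target), []
    # Phase 1: climb until we stand on an ancestor of the target name.
    while not is_ancestor(node, goal):
        usable = [c for c in cross_certs.get(node, ()) if is_ancestor(c, goal)]
        if usable:                       # cross-link allowed: it lands on an ancestor
            nxt, kind = max(usable, key=len), "cross"
        elif node in up_certs:
            nxt, kind = node[:-1], "up"
        else:
            return None                  # no parent cert and no usable cross-link
        path.append((kind, show(node), show(nxt)))
        node = nxt
    # Phase 2: walk down the name tree, one label at a time.
    while node != goal:
        nxt = goal[:len(node) + 1]
        path.append(("down", show(node), show(nxt)))
        node = nxt
    return path

# Constructed sample data using the slides' abc.com / xyz.com names.
ORG_ONLY = {key("nj.abc.com"), key("ma.abc.com")}   # abc.com has no parent cert yet
UP_FULL = ORG_ONLY | {key("abc.com")}               # hierarchy exists above abc.com
CROSS = {key("abc.com"): {key("xyz.com"), key("partner.example")}}

if __name__ == "__main__":
    for tgt in ("bob.ma.abc.com", "carol.xyz.com", "www.other.org"):
        print(tgt, build_path("nj.abc.com", tgt, ORG_ONLY, CROSS))
    # "com" is the common ancestor here; the cross-link bypasses it.
    print(build_path("nj.abc.com", "carol.xyz.com", UP_FULL, {}))
    print(build_path("nj.abc.com", "carol.xyz.com", UP_FULL, CROSS))
```

The cross-link to `partner.example` is never used for a target under `xyz.com` or `other.org`, which is why cross-links do not turn the model into anarchy.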
Another example of being resilient
Reliably store data, then reliably expire it
• When creating data, put (optional) “expiration date” in metadata
• After expiration, data must be unrecoverable, even though backups will still exist
Obvious approach
• Encrypt the data, and then destroy keys
• But to avoid prematurely losing data, you’d have to make lots of copies of the keys
• Which means it will be difficult to ensure all copies of backups of expired keys are destroyed
First concept: Encrypt all files with same expiration date with the same key
File system with Master keys
Master keys (secret keys, e.g., AES, generated by storage system; delete key upon expiration):
S1  Jan 7, 2015
S2  Jan 8, 2015
S3  Jan 9, 2015
…
[Figure: a file with metadata “Exp 01/08/15” and {K}S2; file contents labelled “Encrypted With K”]
How many keys?
• If granularity of one per day, and 30 years maximum expiration, 10,000 keys
So…how do you back up the master keys?
Imagine a service: An “ephemerizer”
• creates, advertises, protects, and deletes public keys
• Storage system “ephemerizes” each master key on backup, by encrypting with (same expiration date) ephemerizer public key
• To recover from backup: storage system asks ephemerizer to decrypt
Ephemerizer publicly posts
Jan 7, 2015: public key PJan7of2015
Jan 8, 2015: public key PJan8of2015
Jan 9, 2015: public key PJan9of2015
Jan 10, 2015: public key PJan10of2015
etc
One permanent public key P certified through PKI
Signs the ephemeral keys with P
Storage system with Master keys
Master keys (secret keys, e.g., AES, generated by storage system):
S1  Jan 7, 2015
S2  Jan 8, 2015
S3  Jan 9, 2015
…
[Figure: a file with metadata “Exp 01/08/15” and {K}S2; file contents labelled “Encrypted With K”]
Backup of Master Keys
Master keys:
S1  Jan 7, 2015
S2  Jan 8, 2015
S3  Jan 9, 2015
…
Ephemerizer keys:
P1  Jan 7, 2015
P2  Jan 8, 2015
P3  Jan 9, 2015
…
Backup of keys:
{S1}P1, Jan 7, 2015
{S2}P2, Jan 8, 2015
{S3}P3, Jan 9, 2015
…
[Figure: a file with metadata “Exp 01/08/15” and {K}S2; labels “Encrypted With K”, “Encrypted with G”, “Sysadmin secret”]
Notes
• Only talk to the ephemerizer if your hardware with master keys dies, and you need to retrieve master keys from backup
• Ephemerizer really scalable:
  – Same public keys for all customers (10,000 keys for 30 years, one per day)
  – Only talk to a customer perhaps every few years…to unwrap keys being recovered from backup
But you might be a bit annoyed at this point
• Haven’t we simply pushed the problem onto the ephemerizer?
• It has to reliably keep private keys until expiration, and then reliably delete them
Two ways ephemerizer can “fail”
• Prematurely lose private keys
• Fail to forget private keys
• Let’s worry about these one at a time…first worry about losing keys prematurely
Losing keys prematurely
• We will allow an ephemerizer to be flaky, and lose keys
• Generate keys, and do decryption, on tamper-proof module
• An honest ephemerizer should not make copies of its ephemeral private keys
• So…wouldn’t it be a disaster if it lost its keys when a customer needs to recover from backup?
The reason why it’s not just pushing the problem
• You can achieve arbitrary robustness by using enough “flaky” ephemerizers!
  – Independent ephemerizers
    • Different organizations
    • Different countries
    • Different continents
  – Independent public keys
Use multiple ephemerizers!
Master keys:
S1  Jan 7, 2015
S2  Jan 8, 2015
S3  Jan 9, 2015
…
Ephemerizer keys:
P1  Jan 7, 2015
P2  Jan 8, 2015
P3  Jan 9, 2015
…
Q1  Jan 7, 2015
Q2  Jan 8, 2015
Q3  Jan 9, 2015
…
Backup of keys:
{S1}P1, {S1}Q1  Jan 7, 2015
{S2}P2, {S2}Q2  Jan 8, 2015
{S3}P3, {S3}Q3  Jan 9, 2015
…
[Figure: a file with metadata “Exp 01/08/15” and {K}S2; labels “Encrypted With K”, “Encrypted with G”, “Sysadmin secret”]
What if ephemerizer doesn’t destroy private key when it should?
• Then the storage system can use a quorum scheme (k out of n ephemerizers)
  – Break master key into n pieces, such that a quorum of k can recover it
  – Encrypt each piece with each of the n ephemerizers’ public keys
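The multiple-ephemerizer backup and the k-out-of-n quorum described above can be simulated end to end. This is an added example, not the speaker's code: the talk names no algorithms, so Shamir secret sharing is used for the split and textbook ElGamal with illustrative (not vetted) parameters stands in for the ephemerizers' public-key encryption; all class and function names are assumptions.

```python
import secrets

P = 2**521 - 1   # Mersenne prime: field for Shamir shares and toy ElGamal modulus
G = 3            # toy ElGamal base (illustrative parameters, not a vetted group)

def split(secret, k, n):
    """Shamir k-of-n: shares are points on a random degree-(k-1) polynomial, f(0)=secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    def f(x):
        acc = 0
        for c in reversed(coeffs):          # Horner evaluation mod P
            acc = (acc * x + c) % P
        return acc
    return [(i, f(i)) for i in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0 recovers f(0)."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

class Ephemerizer:
    """Publishes one public key per expiration date; deletes the private key at expiry."""
    def __init__(self, forgets=True):
        self.forgets = forgets              # False models "fail to forget private keys"
        self.private = {}                   # expiration date -> private exponent

    def public_key(self, date):
        x = self.private.setdefault(date, secrets.randbelow(P - 2) + 1)
        return pow(G, x, P)

    def lose(self, date):                   # flaky ephemerizer: key lost prematurely
        self.private.pop(date, None)

    def expire(self, date):
        if self.forgets:
            self.private.pop(date, None)

    def unwrap(self, date, blob):
        x = self.private.get(date)
        if x is None:
            return None                     # key gone: this piece is unrecoverable
        c1, c2 = blob
        return c2 * pow(c1, -x, P) % P

def wrap(pub, m):
    """Textbook ElGamal encryption of integer m under public key pub (needs no secret)."""
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), m * pow(pub, r, P) % P

def backup_master_key(master, date, ephemerizers, k):
    """Split the master key k-of-n and wrap piece i under ephemerizer i's key for `date`."""
    shares = split(master, k, len(ephemerizers))
    return [(x, wrap(e.public_key(date), y)) for (x, y), e in zip(shares, ephemerizers)]

def recover_master_key(backup, date, ephemerizers, k):
    """Ask each ephemerizer to unwrap its piece; succeed only with a quorum of k."""
    got = []
    for (x, blob), e in zip(backup, ephemerizers):
        y = e.unwrap(date, blob)
        if y is not None:
            got.append((x, y))
    return combine(got[:k]) if len(got) >= k else None

def demo():
    date = "2015-01-08"                                 # constructed sample date
    master = secrets.randbits(256)                      # S2 in the slides' notation
    ephs = [Ephemerizer(), Ephemerizer(), Ephemerizer(forgets=False)]
    backup = backup_master_key(master, date, ephs, k=2)
    ephs[0].lose(date)                                  # one ephemerizer loses its key early
    before = recover_master_key(backup, date, ephs, 2)  # 2 of 3 remain: recoverable
    for e in ephs:
        e.expire(date)
    after = recover_master_key(backup, date, ephs, 2)   # one non-forgetter is below quorum
    return before == master, after

if __name__ == "__main__":
    print(demo())
```

With k = 2 and n = 3 the backup survives one ephemerizer losing its key prematurely, and after expiration a single ephemerizer that failed to forget cannot recover the master key on its own.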
If I had more time…
• A really cool protocol for asking the ephemerizer to decrypt
  – Super lightweight (one packet each direction, less computation than an SSL connection)
  – Gives the ephemerizer no information when it decrypts!
• After a disaster, only need to ask the ephemerizer for one decryption!
• And other cute little things…
Another neglected topic: usability
Usability
• Engineers should actually meet some humans, then they’d stop having programs ask questions like:
  – Do you want to display both the secure and insecure items?
  – Do you want POP or IMAP?
It’s common to have to trade off usability vs security
[Figure: plot with axes labeled “usability” and “security”]
Unusable and insecure!
[Figure: plot with axes labeled “usability” and “security”, with a point marked “We are here”]
User authentication
• Every site has different rules for usernames and passwords
  – At least n characters, no more than x characters, must have at least one letter, one number, one special character, must not contain anything but letters and numbers, ….
User authentication
“Sorry, but your password must contain an uppercase letter, a number, a haiku, a gang sign, a hieroglyph, and the blood of a virgin.” (unknown author)
Can we do worse? Yes!!
• I had to set a password and got the message
  – “Your password does not meet our length, complexity, or history rules”
• It didn’t even tell me the rules!!!
Security questions
• Who comes up with these?
  – Father’s middle name
  – 2nd grade teacher’s name
  – Veterinarian’s name
  – Favorite sports team
  – My middle name
Why not let us create our own questions?
Annoying rules that add nothing to security
• Must change password at least every n days
• If you forget your password, you can’t reset it to the one you were using (that you temporarily forgot)
• These sorts of rules actually lower security!
• But they are written into “best practices”, so companies must do them
User authentication
• I do not want to hear… “We need better user training”
People
“Humans are incapable of securely storing high-quality cryptographic keys, and they have unacceptable speed and accuracy when performing cryptographic operations. They are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed, but they are sufficiently pervasive that we must design our protocols around their limitations.”
– Network Security: Private Communication in a Public World
Protocols and Life
Protocols that don’t work
• “We’ll call you if there is a problem”
• “We’ll call you if we want to hire you”
• “Tomorrow at 2 PM there will be a fire drill. Ignore all sounds and behavior of the staff at that time.”
Parting Thoughts
• What “wins out in the market place” isn’t necessarily the best thing
• Like English, if existing stuff can do the job, or be tweaked, it’s hard to replace it
• Don’t believe (or repeat) things you can’t understand…they are often false
• Know what problem you’re solving before you try to solve it!