Okay, your bringing up several issues here.
First, IP spoofing can be stopped ONLY if you have complete control
over your network infrastructure, (topology, routers etc.) For
connections over the Internet, you do not have this. For a simple
explanation of IP spoofing attack, you first take out the legitimate
network (with something as simple as a flood ping), set up a router
(or exploit someone elses router) to announce that its the new
gateway for the new IP spoofed network, and there you go.
Second, IP address spoofing can be used to spoof a host identity,
but its not the only way... The real issue is the authenticity
of the certificate presented to you. If you never actually seen
the certificate, how do you know its the 'Official' certificate.
(If both parties trust A single third party X.509 CA signiture,
this can be accomplished, If you don't agree upon the CA, well...)
The trustworthness of the CA can become an issue. If a sign up
for a Verisign class 1 certificate and say I'm Bill Clinton, for
only a $9.95 a year registration fee do you think they will do a
background check to see if I am Bill Clinton?
Third, Hand held authenticators and one-time password (Skey), and
security tokens (KERBEROS) do have their uses, but are not suitable
for all networks tasks. (For instance, are you always logged in
and waiting when your sendmail daemon wants to deliver you mail?).
Also, these are (OSI network model) session/application authentication,
which means you need special support for your authentication method.
Using network/transport level authentication and encryption,(SKIP/IPSEC)
the challenge and responce handshake is invisible to the application.
You can use off the shelf telnet, ftp, etc., and use the SKIP/IPSEC
encryption to hide the otherwise clear text traffic. If your really
paranoid, you use SKIP/IPSEC to provide host to host authentication
(Stopping network attacks from non-authenticated hosts), and combine
it with session encryption (SSL, KERBEROS) to provide User
authentication and tracking...
Fourth, X.509 certificates are used for Web objects (SSL) but are
not limited to web objects. The are X.509 requirements and proposals
for SKIP, ISAKMP/IPSEC, S/MIME, Secure DNS....
Personal Opinions provided by
aka leonard @
Gemini Computers Inc.
On 5 Feb 1998 manuel .
> I don't see how the problem would be IP spoofing,
> since unless the 'spoofer' was on the same net as the 'spoofed', he wouldn't
> receive you messages (for key exchange, for eg.) anyway.
> Besides, you can use a one-time password or token scheme to authenticate the
> remote user, regardess of the PC he's sitting at.
> CA's give you the means to authenticate to anybody else, and that's why they're
> used to certify Web objects. You don't need it for peer-to-peer communication.
> Please do correct me if I'm wrong, I'm still learning a lot of this stuff.