freebsd security - Nov 2015 - OpenSSH HPN

I don't think there is such a thing as a trusted network. That is a unicorn
these days.

If you are using ssh to connect to the VPN server itself over the VPN
connection, I can see why that would be useless double encryption. However,
if you are connecting to a server on the network on the other side of the
VPN, I would still use ssh. No networks should be considered trusted.

Here is a great article about Beyond Corp, a Google project based on the
idea that trusted networks do not exist in reality, and that systems need
to be built with this in mind.
https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43231.pdf


On Tue, Nov 10, 2015 at 8:41 PM, John-Mark Gurney <jmg at funkthat.com>
wrote:
> Bryan Drewery wrote this message on Tue, Nov 10, 2015 at 16:32 -0800:
> > On 11/10/15 9:52 AM, John-Mark Gurney wrote:
> > > My vote is to remove the HPN patches.  First, the NONE cipher
made more
> > > sense back when we didn't have AES-NI widely available, and
you were
> > > seriously limited by it's performance.  Now we have both
aes-gcm and
> > > chacha-poly which it's performance should be more than
acceptable for
> > > today's uses (i.e. cipher performance is 2GB/sec+).
> >
> > AES-NI doesn't help the absurdity of double-encrypting when using
scp or
> > rsync/ssh over an encrypted VPN, which is where NONE makes sense to
use
> > for me.
>
> Different layers of protection...
>
> Do you disable all encryption when you're transiting trusted networks
> like your VPN?  If you don't, why is that ssh session so special?
>
> --
>   John-Mark Gurney                              Voice: +1 415 225 5579
>
>      "All that I will do, has been done, All that I have, has
not."
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at
freebsd.org
> "
>

On Wed, Nov 11, 2015 at 4:29 PM, Robert Simmons <rsimmons0 at gmail.com>
wrote:
> I don't think there is such a thing as a trusted network. That is a
unicorn
> these days.
>
> No networks should be considered trusted.
>
oh baloney. That's just a clever way to say you want to stop thinking about
trust.

If I've connected two machines directly, that network is more trustworthy
than any encryption. This is not rare, but typical for system recovery,
which is where nc and ssh with the none cipher are highly useful.

It's also not a bridge too far to claim a network is trusted when it has
1000 computers on a special-purpose processing network with access only
allowed by the admins that built it, and perhaps an API. In those networks,
the nodes work together like storage and CPUs work together in a single
computer. The only difference is that SATA disks and x86 CPUs are replaced
by general-purpose computers running Cassandra and Nginx, connected by
ethernet, so that you can connect thousands together instead of dozens. Do
you always insist on encryption on your SATA cables and memory buses?

That sort of special-purpose network is not rare either; rather it's
typical for internet services where the load is beyond what a single
machine can handle, or clusters that run models that are too large for a
single machine.

Trustworthy networks do exist. They just aren't the same networks as 20
years ago.

-- 

As implied by email protocols, the information in this message is
not confidential.  Any middle-man or recipient may inspect, modify,
copy, forward, reply to, delete, or filter email for any purpose unless
said parties are otherwise obligated.  As the sender, I acknowledge that
I have a lower expectation of the control and privacy of this message
than I would a post-card.  Further, nothing in this message is
legally binding without cryptographic evidence of its integrity.

http://bilbo.hobbiton.org/wiki/Eat_My_Sig