[Cryptography] Opening Discussion: Speculation on "BULLRUN"
Jeffrey I. Schiller
jis at mit.edu
Sun Sep 8 21:23:33 EDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, Sep 06, 2013 at 05:22:26PM -0700, John Gilmore wrote:
> Speaking as someone who followed the IPSEC IETF standards committee
> pretty closely, while leading a group that tried to implement it and
> make so usable that it would be used by default throughout the
> Internet, I noticed some things:
Speaking as one of the Security Area Directors at the time...
I have to disagree with your implication that the NSA intentionally
fouled the IPSEC working group. There were a lot of people working to
foul it up! I also don’t believe that the folks who participated,
including the folks from the NSA, were working to weaken the
standard. I suspect that the effort to interfere in standards started
later then the IPSEC work. If the NSA was attempting to thwart IETF
security standards, I would have expected to also see bad things in
the TLS working group and the PGP working group. There is no sign of
their interference there.
The real (or at least the first) problem with the IPSEC working group
was that we had a good and simple solution, Photuris. However the
document editor on the standard decided to claim it (Photuris) as his
intellectual property and that others couldn’t recommend changes
without his approval. This effectively made Photuris toxic in the
working group and we had to move on to other solutions. This is one of
the events that lead to the IETF’s “Note Well” document and clear
policy on the IP associated with contributions. Then there was the
ISAKMP (yes, an NSA proposal) vs. SKIP. As Security AD, I eventually
had to choose between those two standards because the working group
could not generate consensus. I believed strongly enough that we
needed an IPSEC solution so I decided to choose (as I promised the
working group I would do if they failed to!). I chose ISAKMP. I posted
a message with my rationale to the IPSEC mailing list, I’m sure it is
still in the archives. I believe that was in 1996 (I still have a copy
somewhere in my personal archives).
At no point was I contacted by the NSA or any agent of any government
in an attempt to influence my decision. Folks can choose to believe
this statement, or not.
IPSEC in general did not have significant traction on the Internet in
general. It eventually gained traction in an important niche, namely
VPNs, but that evolved later.
IPSEC isn’t useful unless all of the end-points that need to
communicate implement it. Implementations need to be in the OS (for
all practical purposes). OS vendors at the time were not particularly
interested in encryption of network traffic.
The folks who were interested were the browser folks. They were very
interested in enabling e-commerce, and that required
encryption. However they wanted the encryption layer someplace where
they could be sure it existed. An encryption solution was not useful
to them if it couldn’t be relied upon to be there. If the OS the user
had didn’t have an IPSEC layer, they were sunk. So they needed their
own layer. Thus the Netscape guys did SSL, and Microsoft did PCT and
in the IETF we were able to get them to work together to create
TLS. This was a *big deal*. We shortly had one deployed interoperable
encryption standard usable on the web.
If I was the NSA and I wanted to foul up encryption on the Internet,
the TLS group is where the action was. Yet from where I sit, I didn’t
see any such interference.
If we believe the Edward Snowden documents, the NSA at some point
started to interfere with international standards relating to
encryption. But I don’t believe they were in this business in the
1990’s at the IETF.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the cryptography