[Cryptography] To what is Anderson referring here?

Dan McDonald danmcd at kebe.com
Thu Jun 5 22:08:06 EDT 2014


On Fri, Jun 06, 2014 at 01:53:50PM +1200, Peter Gutmann wrote:
> Dan McDonald <danmcd at kebe.com> writes:
> >On Thu, Jun 05, 2014 at 09:29:27PM +1200, Peter Gutmann wrote:
> >> Heck, the IPsec folks more or less made this explicit:
> >>
> >>   all password-based authentication is insecure; IPsec is designed to be
> >>   secure; therefore, you have to deploy a PKI for it
> >
> >A noticeable amount of IPsec deployments (IKE to be precise) uses PSK. 
> 
> Yup, and most of that came about because people realised that if you forced
> users to deploy PKI as a precondition to deploying IPsec, IPsec would never
> get deployed.  It's certainly a lot better now, but in the early days when
> keying was supposed to be PKI-or-nothing, vendors got around the problem by
> adding homebrew "management tunnels" to do the PSK (things like single-DES in
> ECB mode, or only encrypting data in 8-byte blocks and leaving the rest in
> plaintext because (a) they didn't know how to encrypt less than 8 bytes and
> (b) "the little leftover bit won't be interesting anyway", or using a
> hardwired key with an IPsec SA to communicate the PSK, or ...).

So-called "secure VPNs" with widely shared PSKs and (ewww) XAUTH for use with
existing authentication infrastructures were what I saw a lot of.

Generally I'm still bitter about internal corporate resistance causing
Solaris to be late to the party with IPsec and IKE.  OTOH, seeing what others
did let us make very sane implementation choices (like very easy generation and
use of self-signed certs) that, quite frankly, I still use today (albeit on
Illumos).

Ahh, if I only had paying cycles to bring an open-source IKEv2 to illumos.
Any bullshit I encountered at Sun *paled* in comparison to what the Lawnmower
brought.  (And IKEv2 is in S11.2.  Pity we'll never see its source.  There are
still good people working on Solaris.)

Dan