[Cryptography] IKE/ISAKMP/IPsec complexity by design

William Allen Simpson william.allen.simpson at gmail.com
Sat Sep 22 10:19:20 EDT 2018

On 9/18/18 2:06 PM, Paul Wouters wrote:
> On Mon, 10 Sep 2018, William Allen Simpson wrote:
>> Some of us remember that somebody from Boston with a 4-character
>> surname was known to be communicating with "Other Agency" to
>> prevent publication of IETF security protocols.
> Do you have written text or anything that would confirm that? 

My FBI file.  Took me 6 1/2 years to get even a partial copy.  It was
scanned in and posted for all to see in '99.  We discussed it on this
list (and elsewhere) at that time....

Now that Trump is declassifying FISA court files, maybe it's time to
see mine?

> Note that unlike TLS, the ESP and IKE protocols have had no protocol
> breakage. So while everyone is free to complain about the complexity of
> code involved, you can't argue that the designed-by-committee IKE/IPsec
> protocols are insecure. They haven't been broken in 25 years.

Really, you shouldn't joke on a mailing list without lots of emojis.
People might think you are serious.

IPsec was *NOT* originally designed by committee.  It was me, Phil
Karn, Perry Metzger, based upon previous work by John Ioannidis and
Matt Blaze, with a lot of text in the SIPP IPv6 WG by Ran Atkinson.

We had to do the work in the SIPP IPv6 WG, because the IAB forbade us
having an IPsec WG.  I was the original IANA registrant of IPv6.  We
later learned that the person on the IAB preventing us scheduling a WG
(or even a BoF) was named Steve Kent.

Unsurprisingly, that's a 4 character name from Boston.  See below.

ESP was quickly weakened by Kent, changing our original secret IV to
"in the clear".  It took a few years, but John Gilmore eventually
proved that change was exactly what was needed to make a practical DES
decryption device.

We posted 3DES, DESX, CBCS, and other enhancements that would make DES
IPsec harder to break.  The IETF refused to publish any of them.

Don't forget my paper, IKE/ISAKMP Considered Harmful, that showed
several ways to bring a Cisco router to its knees.  The IETF refused to
publish.  Fortunately, Usenix thought it important.

There have been many papers since.  The most recent was at Usenix
Security just last month.

>> And providing the
>> FBI with information to investigate those of us promoting IETF
>> security protocols.
> I'd love to see references of this. 

They were still using fixed pitch teletypes.  The 4 characters are
blacked out (redacted), but the attribution is Other Agency.

So all we know is Boston, attended IETF at Santa Fe, near Los Alamos.
Mentioned the seriousness of describing a cryptographic protocol to
foreign nationals attending a conference near Los Alamos.  Somehow
the conference location was important to the *treason* investigation.

That paper was PPP CHAP.  Only an authentication protocol.  But from
context we surmise they wanted to be able to learn your password --
so that they could impersonate you on-line.
