[Cryptography] IPsec DH parameters, other flaws

William Allen Simpson william.allen.simpson at gmail.com
Mon Jul 6 09:13:57 EDT 2020


On 7/3/20 10:41 AM, Thierry Moreau wrote:
> On 02/07/20 05:27 PM, William Allen Simpson wrote:
>> We knew so many things to be wrong.  The best explanation is that
>> flaws in the resulting IPsec were deliberate.
> 
> At layer 9, IPsec was envisioned as a mandatory requirement for IPng (to become IPv6) 

Correct.  I'm the person who registered IPv6, then called PIPE (Practical
Internet Protocol Extensions).  It had security required, and even required
authentication for getting a globally routable address.

Why should anybody be able to install an internet-capable toaster (or light
or refrigerator or TV) inside your house without authorization?

Why should a TV be able to eavesdrop on other traffic inside the house?

I'd also named the "spy" field: Security Parameters Index (SPI).

Lixia Zhang mentioned that Steve Deering was working on something similar
in overall format, so we joined to make SIP (Simpler Internet Protocol).
Steve's interests in multicast and IP mobility became an important part of
the specification, also requiring security.

Paul Francis had some brilliant ideas, and had called his PIP (Polymorphic
Internet Protocol).  In July 1993, we combined to make SIPP.  We all agreed
that security was required.

Circa 1990-1991, Kent prevented the publication of the Cryptographic Handshake
Authentication Protocol (CHAP) in the PPP WG.

As I've written before, around the same time Steve Kent was preventing us from
having an IPsec working group.  At the 1992 San Diego IETF, Kent prevented us
from scheduling an official IPsec BoF.  So Phil Karn organized a series of
lunches that week.

Instead, all the IPsec design took place in the PIPE/SIP/SIPP WG.  None of the
other IPng efforts required security.  (Needed it, but wouldn't require it.)

When we reformed the IAB, Steve Kent was the first against the wall.

Eventually there was an official IPsec WG.  It didn't actually produce anything,
but the general direction was to use some useless IEEE proposals as a basis.

Perry Metzger called me, and over 1994 Christmas week, we ported IPsec from
IPv6 to IPv4.  We called these the "Troublemakers" drafts.

Also, I ported my SIPP mobility design to IPv4.  It also required security.

The "powers that be" reassigned my drafts to other editors, who gutted them,
over objections of the WG members.  Several WG chairs resigned.

Since then, my internet drafts are only posted with restrictions (that I'd
helped write into the IETF standards process).


> which would not fit the US (and allies) dedication to preserve "national security" network traffic interception capability. Thus a flawless IPsec was institutionally/constitutionally impossible.
> 
Institutionally.  IETF is an international organization, and members made
some noise about requiring security.  But profits came before security.
Plus the US apparently bribed major corporations, and infiltrated moles into
our institutions.

Snowden taught us that the US was spending tens to hundreds of millions of
dollars influencing standards bodies.  Mere researchers with our meager
budgets couldn't compete.

Constitutionally, the US guarantees "The right of the people to be secure in
their persons, houses, papers, and effects...."

Most people think that digital communications are the equivalent of papers.
Otherwise, they certainly could be considered "effects" (that is, our works).

An originalist textual argument can be made that the Founders understood
security encompassed confidentiality, integrity, and privacy.

