[Cryptography] IPsec DH parameters, other flaws

William Allen Simpson william.allen.simpson at gmail.com
Sat Jul 11 09:57:08 EDT 2020


Having given folks a few days to respond....


On 7/7/20 1:11 AM, Dan McDonald wrote:
> Your story is missing a bit of credit-where-due, Bill.
> 
Sorry, just didn't push a whole hog history in one post.


>> On Jul 6, 2020, at 9:13 AM, William Allen Simpson <william.allen.simpson at gmail.com> wrote:
> 
>> Instead, all the IPsec design took place in the PIPE/SIP/SIPP WG.  None of the
>> other IPng efforts required security.  (Needed it, but wouldn't require it.)
> 
> You're missing a part of, GASP, the US Government who actually had a practical mindset, and a mandate from TWO different sponsors (neither of whom were up the road on 295):  NRL. 

Yes, a great deal of credit should go to Naval Research Labs' (NRL) running code.
(Also more famously later work on Onion Routing.)

IIRC, Ran Atkinson joined PIPE/SIP/SIPP circa mid-1993, and wrote an architecture
document that he graciously permitted me to reformat and republish (extracts) for IPv4.

But the header formats and details were finalized long before Ran arrived, and mostly
were originally based upon experimental code written for Karn's KA9Q NOS.  There's a
reason that ESP is port 50, and AH is port 51.

And let us not forget swIPe: https://en.wikipedia.org/wiki/SwIPe_(protocol)
Came out of those lunch discussions I'd mentioned that Karn hosted.  First posted as an
internet draft, but the IETF wouldn't allow RFC publication.  Published by Usenix.

Also, let us not forget Usenix.  A lot of security would never have happened without a
fearless board at Usenix, willing to defy US government prior restraint efforts.


> I should point out here that while we were trying to get our work out, there were some license-purists who thought that, GASP, BSD licensing wasn't free enough.  This caused stinks that might've attracted the WRONG sort of scrutiny, and we were scared shitless about the up-the-road folks from putting the hammer down.
> 
Yeah, there was more than enough FUD flung around.  Metzger was in the NetBSD
community.  Karn had his own code base that was used in rather a lot of (late
'80s early '90s) products.  I contributed code in both places.

Most significant IPsec development was in *BSD.  Gnu/Linux GPL came years later,
thanks to promotion and funding by John Gilmore.


>> Perry Metzger called me, and over 1994 Christmas week, we ported IPsec from
>> IPv6 to IPv4.  We called these the "Troublemakers" drafts.
> 
> Oooh I do remember that.  I remember some crypto-centered cynics thought it couldn't be built, and then we had our wonder-intern port our IPv6 stuff to IPv4 quickly during the summer of 1995.  :)
> 
In addition, Photuris draft -00 was published December 1994.  By summer of 1995,
both session key management and IP packet security were implemented, and
commercially deployed not very long afterward.

Also, I'd like to call out other significant efforts:

Angelos Keromytis (a Greek undergrad) developed a completely independent
implementation circa October 1995.  He is now a full professor.

Niels Provos (a physics grad student in Hamburg) did an implementation that was
interoperable with both Keromytis and KA9Q.  We coopted him into changing majors
and universities, and drove him across the border into Canada to work on OpenSSH,
so it could be _imported_ into the US.  After years doing good security things at
Google, IIRC he's CSO at Stripe.

I've always been pleased to know that our original IPsec design was easy enough to
understand that (brilliant, talented) undergrads, interns, and non-computer
engineers could write interoperable implementations over a summer. ;)

Contrast with IKE/ISAKMP.  Took paid teams, and at least a half dozen bakeoffs and
workshops over a period of several years before interoperable implementations.


> On Jul 6, 2020, at 9:58 PM, Paul Wouters <paul at cypherpunks.ca> wrote:
> 
>> That was way before my time ..... But I got the impression that at least
>> half of this was self-inflicted by the other IETF participants. And the
>> infosec community is still doing this to itself all the time.
> 
> Oh hell yes.  See my prior mention of SKIP.
> 

Really not most of the IETF participants themselves.  John Gilmore conducted a
hum at the 1996 Montreal open plenary.  Photuris won overwhelmingly.  We had
rough consensus and running code.  We had at least 3 vendors shipping product.

A day later, Cisco issued a press release announcing they would be supporting
only NSA's ISAKMP.  We've always assumed they were paid off in one form or
another by the US.

As you've mentioned, Sun was pushing SKIP.  I'm fairly sure that in addition
to being rather resource intensive, it was patented?

We've seen this in other areas as well.  In subsequent years, Randy Bush has
often referred to the Internet *Vendor* Task Force.



> My $0.02, because I refuse to be erased,
> Dan

I've not forgotten you!  Is a copy of the NRL code base posted anywhere?

