[Cryptography] IPsec DH parameters, other flaws
Dan McDonald
danmcd at kebe.com
Sun Jul 12 00:13:23 EDT 2020
Oh I'm so glad you further completed the big picture. ESPECIALLY for the parts where I was still a grad student and hadn't yet joined the fray.
> On Jul 11, 2020, at 9:57 AM, William Allen Simpson <william.allen.simpson at gmail.com> wrote:
>
> Having given folks a few days to respond....
>
>
> On 7/7/20 1:11 AM, Dan McDonald wrote:
>> Your story is missing a bit of credit-where-due, Bill.
> Sorry, just didn't push a whole hog history in one post.
Thank you.
>>> On Jul 6, 2020, at 9:13 AM, William Allen Simpson <william.allen.simpson at gmail.com> wrote:
>>> Instead, all the IPsec design took place in the PIPE/SIP/SIPP WG. None of the
>>> other IPng efforts required security. (Needed it, but wouldn't require it.)
>> You're missing a part of, GASP, the US Government who actually had a practical mindset, and a mandate from TWO different sponsors (neither of whom were up the road on 295): NRL.
>
> Yes, a great deal of credit should go to Naval Research Labs' (NRL) running code.
> (Also more famously later work on Onion Routing.)
That was spinning up as I was leaving... smart folks who worked on that.
> IIRC, Ran Atkinson joined PIPE/SIP/SIPP circa mid-1993, and wrote an architecture
> document that he graciously permitted me to reformat and republish (extracts) for IPv4.
Yes, mid-1993 I was finishing my last classes in grad. school. Ran hired me thanks to a post on misc.jobs.resumes.
> But the header formats and details were finalized long before Ran arrived, and mostly
> were originally based upon experimental code written for Karn's KA9Q NOS. There's a
> reason that ESP is port 50, and AH is port 51.
>
> And let us not forget swIPe: https://en.wikipedia.org/wiki/SwIPe_(protocol)
> Came out of those lunch discussions I'd mentioned that Karn hosted. First posted as an
> internet draft, but the IETF wouldn't allow RFC publication. Published by Usenix.
One or more of JI or Perry told me about this.
> Also, let us not forget Usenix. A lot of security would never have happened without a
> fearless board at Usenix, willing to defy US government prior restraint efforts.
A big fan. The NRL IPv6-in-BSD paper was presented at the January, 1996 USENIX (while I was travelling from DC to CA to start Sun).
>> I should point out here that while we were trying to get our work out, there were some license-purists who thought that, GASP, BSD licensing wasn't free enough. This caused stinks that might've attracted the WRONG sort of scrutiny, and we were scared shitless about the up-the-road folks putting the hammer down.
> Yeah, there was more than enough FUD flung around. Metzger was in the NetBSD
> community. Karn had his own code base that was used in rather a lot of (late
> '80s early '90s) products. I contributed code in both places.
>
> Most significant IPsec development was in *BSD. Gnu/Linux GPL came years later,
> thanks to promotion and funding by John Gilmore.
I've met those various *SWAN folks over time.
>>> Perry Metzger called me, and over 1994 Christmas week, we ported IPsec from
>>> IPv6 to IPv4. We called these the "Troublemakers" drafts.
>> Oooh I do remember that. I remember some crypto-centered cynics thought it couldn't be built, and then we had our wonder-intern port our IPv6 stuff to IPv4 quickly during the summer of 1995. :)
> In addition, Photuris draft -00 was published December 1994. By summer of 1995,
> both session key management and IP packet security were implemented, and
> commercially deployed not very long afterward.
>
> Also, I'd like to call out other significant efforts:
>
> Angelos Keromytis (a Greek undergrad) developed a completely independent
> implementation circa October 1995. He is now a full professor.
>
> Niels Provos (a physics grad student in Hamburg) did an implementation that was
> interoperable with both Keromytis and KA9Q. We coopted him into changing majors
> and universities, and drove him across the border into Canada to work on OpenSSH,
> so it could be _imported_ into the US. After years doing good security things at
> Google, IIRC he's CSO at Stripe.
And a blacksmith too, IIRC.
> I've always been pleased to know that our original IPsec design was easy enough to
> understand that (brilliant, talented) undergrads, interns, and non-computer
> engineers could write interoperable implementations over a summer. ;)
I was annoyed nobody ever ported Photuris or other KM experiments to PF_KEY. It would've worked nicely, I think.
> Contrast with IKE/ISAKMP. Took paid teams, and at least a half dozen bakeoffs and
> workshops over a period of several years before interoperable implementations.
As mentioned earlier, Solaris had to OEM IKEv1's core (from a very good implementation) to make perceived time-to-market. It's why IKEv1 in illumos (the successor of OpenSolaris) distros is in the closed-binary wad.
<SNIP!>
> As you've mentioned, Sun was pushing SKIP. I'm fairly sure that in addition
> to being rather resource intensive, it was patented?
No idea about patents, but their developers had pulled the wool over way-too-many eyes inside Sun. I could've attacked the problem differently in hindsight, but even had I done it differently, I'd have been up against a LOT of internal pressure.
> We've seen this in other areas as well. In subsequent years, Randy Bush has
> often referred to the Internet *Vendor* Task Force.
Eeesh.
>> My $0.02, because I refuse to be erased,
>> Dan
>
> I've not forgotten you! Is a copy of the NRL code base posted anywhere?
RIPE has copies:
https://ftp.ripe.net/ipv6/nrl/
I probably have 'em squirreled away somewhere here too.
Thank you!
Dan