[Cryptography] IPsec DH parameters, other flaws

Dan McDonald danmcd at kebe.com
Mon Jul 20 20:09:52 EDT 2020


On Mon, Jul 20, 2020 at 03:23:21PM -0400, Paul Wouters wrote:
> 
> > Take the decision to make sure IPSEC wouldn't pass through NAT. I am
> > certain neither security AD at the time was working for the NSA. But
> > someone managed to reinforce their prejudices against NAT and the result
> > was a failed design. 
> 
> Again, I wasn't there for that, but the IETF really believed IPv6 would
> be there soon and NAT would die, and didn't develop for it. I would again
> not give credit to TLAs for the simple incompetence of the IETF[1] :)

I was there in the mid-90s, and we IPng-ers detested NAT, and thought it was
our mission in life to kill it dead. NATs were middleboxes that altered
packets and were an extra single-point-of-failure!  Also, we thought NATs were
going to be easy targets for... wait for it... attackers, including-and-
especially state-sponsored ones!

Was it a misguided decision to not think about NAT-Traversal until the
early-2000s? In hindsight, absolutely.  At the time, it did feel very much
like the right thing.

Hell, I'd imagined (and I wasn't alone) IPsec being presented to apps as a
socket option that you had to turn on *per-socket* to use.  1st year at Sun
convinced me that wasn't great, because of Legacy Software (TM).  So much
stupid and greed can do more to kill something than one imagines.  In the
late 90s, someone asked me if we could use IPsec to protect Oracle database
traffic w/o paying Oracle some godawful *additional* sum for what was
essentially turn-on-SSL.  I said yes, but nothing came of it.  I suppose
Oracle is one of those friends-of-the-government companies[1], but hey, it's
likely more about greed ("A lawnmower doesn't care about your hand, it just
cuts grass!" - B. Cantrill).

I agree with you, Paul -- we have ourselves as much to blame as any external
actor.

Dan


[1] If I wear the right tinfoil hat, I can imagine Oracle was encouraged to
    buy Sun to prevent OpenSolaris -- which had both could've-been fully-open
    IKEv2, and a could've-been fully-open ZFS Encryption, under development
    -- from staying open.  I'll note that within the last few years the
    latter is now available, but the former never had interest, even though
    one of my colleagues has hammered away at it on-and-off since the closing
    of OpenSolaris and the creation of illumos.
