[Cryptography] IPsec DH parameters, other flaws
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Jul 21 01:24:39 EDT 2020
[Replies consolidated into one message]
>instead of crediting NSA and GCHQ for sabotaging our communities, that
>our biggest enemy is in fact us, and not them.
It was absolutely that: Never attribute to malice what is adequately
explained by incompetence. Take two WGs I was on, let's call them S and P.
S was full of implementers, when some issue was discussed members would
point out implementation, performance, and interop issues from real-world
experience and base the standard on that. P in contrast was populated by
professional meeting-goers who hadn't written ten lines of code in as many
years, operating entirely free from any real-world constraints so they could
dream up whatever they wanted in a perfect vacuum. Occasionally some new
guy would pop up and propose something like creating use cases or similar to
evaluate P's work against, but they were quickly shouted down and left again.
There was actually a shadow list P' of implementers who had given up trying
to contribute to P years ago but occasionally exchanged email amongst
themselves when some particularly egregious discussion ran on P. Beyond
that, there were people who were bad even by P's standards, with one
frequent contributor informally recognised as "the resident denial-of-
service attack" without anyone needing to explicitly mention their name.
So in short it was design by committee, not deliberate sabotage. The MIBs
didn't need to sabotage the process, all they had to do was sit back and
watch.
>I was there in the mid-90s, and we IPng-ers detested NAT, and thought it was
>our mission in life to kill it dead.
I remember that, the sentiment was "IPsec will be bigger than NAT so we'll
make sure that it breaks it and thereby kill NAT", sort of like the joke
about the fly sitting on the horns of the ox team and thinking what a good
job it's doing pulling the plough.
Peter.