
Re: 10 years and no ubiquitous security



RJ Atkinson wrote:
> 
> On Wednesday, March 13, 2002, at 06:49 , William Allen Simpson wrote:
> > 10 years ago on Tuesday, Phil Karn sprawled out across my hotel
> > room bed and drew the packet header that became ESP.
> 
> Actually, that packet header wasn't directly related to ESP,
> though there aren't but so many ways a security encapsulation
> can be framed.
> 
I don't know why you want to denigrate the efforts of long-time IETF 
participants such as Phil Karn, JI, Perry Metzger and myself, but I just
took a bit of time to review the WG meeting minutes. ...


> The SP3 spec, published by NIST more than 10 years ago, was the
> direct predecessor to ESP.

Paul Lambert (an early co-chair) was a big proponent of SP3.  Even when 
we thought we had "rough consensus", Paul would present SP3 yet again!  
We rejected it every time (at least 3 times).

We finally put the matter to rest at Toronto, where the minutes record:
  "The problems with SP3 include a difficult to read specification, 
unnecessary fields in the clear header (very minor problem), and closely 
tied to ISO TP (makes support of TCP and other Internet protocol [sic] 
slightly harder.)"
  "Few of these implementations interoperate (a feature?)"

You should understand, when the WG is making comments like "failure to 
interoperate is a feature", that means "wow, what a ***** protocol."   
(substitute your favorite expletive.)

Even Rob Glenn of NIST wasn't advocating SP3!


>  This was noted in RFC-1827, I believe.

We don't usually quibble with your acknowledgments section, or what you 
felt "influenced" you.


> ... I didn't happen to be at that ad-hoc meeting
> in San Diego, so I wasn't influenced by it

No, but you were at the meetings where swIPe was demonstrated -- 
ACTUALLY DEMONSTRATED -- and where the packet headers were 
discussed.  

And you also acknowledge "the proposed swIPe security protocol"!

So, it would seem your message is rather disingenuous.


> and I'm the one
> who wrote the ESP spec in the early 90s, initially inside the
> IPng WG as an individual contribution.
> 
I believe I have a copy of that early draft.  It would be hard to tell 
whether it is based on SP3, as it is remarkably devoid of packet 
formats.  But "SP3" is not mentioned.

Anyway, as recorded in the minutes, I'm the one who wrote the early 
"requirements draft" for the packet header (circa 1993), and I can 
testify SP3 **wasn't** an influence....

I'll note that Steve Deering's viewgraphs for Amsterdam (July 1993) 
specify that SIP Security will be based on "recent IPSec work".  

Those same viewgraphs document that I already had an implementation, in 
a KA9Q base -- that would be with Karn's swIPe implementation.

Were you there?

-- 
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32