Re: 10 years and no ubiquitous security



"Steven M. Bellovin" wrote:
> 
> In message <3C93EEA3.28833ABD@greendragon.com>, William Allen Simpson writes:
> Right.  The only copy I could find was from 1996, but I don't think
> that that difference is important.
> (http://www.watersprings.org/pub/id/draft-simpson-ipsec-enhancement-00.txt)

Remember, the WG chair objected to my drafts being draft-ietf-ipsec-, 
and so they were reissued in 1996 as draft-simpson-, restarting at -00.

To the middle of your message, why is it a problem that we were so 
brilliant that we prevented a threat before somebody else documented 
the attack?  We are engineers, not cryptanalysts.  It seemed obvious.

Anyway, _you_ had the integrity to admit you were wrong.  Thanks!  
(I just wasn't sure I should mention your name in a negative context.)


> ...  But except for VPN scenarios, most people choose
> not to use it.  I think there's a lesson there, but I fail to see how
> Steve Kent or any of the other players in the history of IPsec are at
> all at fault.
> 
Because the so-called "standard" is hard to understand, hard to 
implement, hard to install, and hard to use -- and now verified to 
have security failures, some of which I documented at least 6 years ago.  
Other than that?

As you may remember, Photuris was designed to start itself 
automatically, without significant user intervention.  (Somebody else 
just noticed the ICMP Security Failures messages.)

Another of the things I used to do: have an Operational Considerations 
section in my drafts.  Anything with a lot of configuration and 
dependencies has too many points of failure.

But I'm so disgusted with Ran denying that other people did any work, 
or that he knew about it, that I'm hoping the thread will end.  Surely, 
the secretariat mistyped that string in 1992 (on page 363).  Oh well, 
it's not the first time I've caught him in a lie....

The point was made: we've been delayed and obfuscated into oblivion.  
The WG has been spinning its wheels for a decade.
-- 
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32