Conversation

Notices

1. Embed this notice
   Steve Bellovin (stevebellovin@mastodon.lawprofs.org)'s status on Thursday, 17-Aug-2023 00:22:30 JST Steve Bellovin

   • Matt Blaze
   • JI
   • Dan McDonald

   @letoams @mattblaze @danmcd @marabou I've been arguing since ~1995 that we should get rid of AH entirely…

   • Embed this notice
     Steve Bellovin (stevebellovin@mastodon.lawprofs.org)'s status on Thursday, 17-Aug-2023 00:22:22 JST Steve Bellovin

     in reply to

     • Matt Blaze
     • JI
     • Dan McDonald

     @danmcd @letoams @mattblaze @marabou Btw, my history of IPsec is at https://www.cs.columbia.edu/~smb/talks/ipsec-evolution.pdf with a video at https://www.youtube.com/watch?v=mn6mywFgySA from CFAIL, the conference of cryptographic mistakes…

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Steve Bellovin (stevebellovin@mastodon.lawprofs.org)'s status on Thursday, 17-Aug-2023 00:22:24 JST Steve Bellovin

     in reply to

     • Matt Blaze
     • JI
     • Dan McDonald

     @danmcd @letoams @mattblaze @marabou There was also the belief that you didn't need authentication (I was guilty of that, until I proved myself wrong in https://www.cs.columbia.edu/~smb/papers/badesp.pdf)

   • Embed this notice
     Dan McDonald (danmcd@hostux.social)'s status on Thursday, 17-Aug-2023 00:22:27 JST Dan McDonald

     in reply to

     • Matt Blaze
     • JI

     @SteveBellovin @letoams @mattblaze @marabou

     Also remember in that time that a couple of cryptographers actually thought the "SIP Security Architecture" (AH & ESP) could NOT work for IPv4. We@NRL addressed that misconception quickly enough, but even without proving it via code, that sentiment induced a head-tilt-inducing level of WTF in us.

   • Embed this notice
     Dan McDonald (danmcd@hostux.social)'s status on Thursday, 17-Aug-2023 00:22:28 JST Dan McDonald

     in reply to

     • Matt Blaze
     • JI

     @SteveBellovin @letoams @mattblaze @marabou

     AH was part of its time (1993-1994). Two good-at-the-time and one awful-misunderstanding reasons:

     1.) EXPORT CONTROL! AH & ESP came about right as the clipper chip was dropping.

     2.) Fit with then-SIP-now-IPv6. AH's structure fit in very nicely with IPv6 extension headers.

     3.) (and this is the misunderstanding one). It was thought that AH could keep source-route headers safe. That thought was wrong. 1/2

   • Embed this notice
     Steve Bellovin (stevebellovin@mastodon.lawprofs.org)'s status on Thursday, 17-Aug-2023 00:27:09 JST Steve Bellovin

     in reply to

     • Matt Blaze
     • JI
     • Dan McDonald

     @danmcd @letoams @mattblaze @marabou Btw: while I was working on IPsec I also wrote one of my favorite papers: Probable Plaintext Cryptanalysis, https://www.cs.columbia.edu/~smb/papers/probtxt.pdf. (Some folks at AT&T wondered if we should patent it. I pointed out that a) the NSA would be the major user, and we'd never know if they infringed or indeed if they already had it, and b) much of the concept, especially the two-packet variant, was likely anticipated by the attacks on Enigma…)

     Haelwenn /элвэн/ :triskell: likes this.