zomg school!

November 17, 2008 – 10:12 pm

no time to make a reasonable post but there is an amazing set of quotes from my network security book:

At one of the final IETF meetings before AH and ESP were finalized, someone from Microsoft got up and gave an impassioned speech about how AH was useless given the existence of ESP, cluttered up the spec, and couldn’t be implemented efficiently (because of the MAC in front of the data). Our impression of what happened next was that everyone in the room looked around at each other and said, “Hmm. He’s right, and we hate AH also, but if it annoys Microsoft let’s leave it in, since we hate Microsoft more than we hate AH.”


IKE is a protocol for doing mutual authentication and establishing a shared secret key to create an IPSec SA. IKE took many years to come out of IETF. The original contenders were Photuris (RFC 2522) and SKIP (http://skip.incog.com/inet-95.ps). Either of these protocols would have been just fine in practice. But due to committee politics, neither one was chosen and instead IKE/ISAKMP emerged, almost a decade after work began, with a protocol so complex and a specification so incomprehensible that nobody had the patience to understand what was being decided upon, and so nobody had objections. The result had lots of ambiguities and flaws…

These come after a talk I attended, given by John Day on a tour promoting his new book, where he pretty thoroughly bashed the current establishment and standards committees as being too embroiled in political maneuvering (electro-political engineering, as he called it) to make any real progress. (Paraphrased: “IPv6 can die in a fire for all I care, it’s a small step to fix one[0] of the seven major problems we identified 20 years ago.”) It makes me laugh (and cry) and wonder where we would be if folks would just let their egos deflate a bit.

[0] it may fix two, I don’t recall — problem 1 was address space size, problem 2 is routing table size (I think…?). I was a bit tired so some of the talk is a bit fuzzy.

