[IPsec] Apple to cripple VPN on demand in iphone due to VPN-via-DNS patent
Paul Wouters <paul@nohats.ca> Fri, 05 April 2013 22:22 UTC

http://www.macrumors.com/2013/04/05/apple-to-alter-vpn-on-demand-behavior-in-ios-6-1-and-later-due-to-virnetx-lawsuit/

Apple documentation: http://support.apple.com/kb/TS4550

The patent: http://www.google.com/patents/US6502135

The patent is dated 1998, which I'm pretty sure is after the FreeS/WAN and Opportunistic Encryption (and thus the IETF) work had started, which clearly designed and implemented what is described below:

(1) generating from the client computer a Domain Name Service (DNS) request that requests an IP address corresponding to a domain name associated with the target computer;

(2) determining whether the DNS request transmitted in step (1) is requesting access to a secure web site; and

(3) in response to determining that the DNS request in step (2) is requesting access to a secure target web site, automatically initiating the VPN between the client computer and the target computer.