[IPsec] Apple to cripple VPN on demand in iphone due to VPN-via-DNS patent

Paul Wouters <paul@nohats.ca> Fri, 05 April 2013 22:22 UTC

http://www.macrumors.com/2013/04/05/apple-to-alter-vpn-on-demand-behavior-in-ios-6-1-and-later-due-to-virnetx-lawsuit/

Apple documentation: http://support.apple.com/kb/TS4550

The patent: http://www.google.com/patents/US6502135

The patent is dated 1998, which I'm pretty sure is after the
FreeS/WAN and Opportunistic Encryption (and thus the IETF) work
had started, which clearly designed and implemented what is described below:

 	(1) generating from the client computer a Domain Name Service (DNS)
 	request that requests an IP address corresponding to a domain name
 	associated with the target computer;

 	(2) determining whether the DNS request transmitted in step (1) is
 	requesting access to a secure web site; and

 	(3) in response to determining that the DNS request in step (2) is
 	requesting access to a secure target web site, automatically initiating
 	the VPN between the client computer and the target computer.