[perpass] NULL Cipher RFC 2410 to HISTORIC ???
Phillip Hallam-Baker <hallam@gmail.com> Mon, 09 December 2013 01:53 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D9BB1AE0EE for <perpass@ietfa.amsl.com>; Sun, 8 Dec 2013 17:53:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.999
X-Spam-Level:
X-Spam-Status: No, score=-0.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dHeCQ9OtuHcO for <perpass@ietfa.amsl.com>; Sun, 8 Dec 2013 17:52:59 -0800 (PST)
Received: from mail-wi0-x231.google.com (mail-wi0-x231.google.com [IPv6:2a00:1450:400c:c05::231]) by ietfa.amsl.com (Postfix) with ESMTP id D49E31AE0E3 for <perpass@ietf.org>; Sun, 8 Dec 2013 17:52:58 -0800 (PST)
Received: by mail-wi0-f177.google.com with SMTP id cc10so3038636wib.4 for <perpass@ietf.org>; Sun, 08 Dec 2013 17:52:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=6+SFYUxtw4375k65Ll44UAq3PMKHdmXkxzDLQIwqa9A=; b=YOP4yRWuR96yM/cJHk1yDA0a9/e2sY1gBYQI8NSAnHiGZtMPfnTwRpcmtt87Xzmawr pm9E+AhslWKaXydnVmefKK+y4VqeCRdwZ+Vrj4SmEi9L/JVDtmnbzWILokoU6jo8neap xD2oVQlynsmWE+CcT8JjpFLIlylwLcb3CS+QV2JUPxl0Qf3lO6bXwMGB7citWGJVcX1B OGKrgZMSg/cJfD0bsR+dmWeoCNUt8Maq+lB3t2shkHIZAxboRXnfs7bmjO0CQfMRowy8 n76ujo3K4nrAd6MYhGX6Kp+Ts199ocPj1Le7A2NnSPd7QyPFQEklPzNi4XrW5ZMZ5h2A svRw==
MIME-Version: 1.0
X-Received: by 10.180.108.97 with SMTP id hj1mr11644945wib.59.1386553973598; Sun, 08 Dec 2013 17:52:53 -0800 (PST)
Received: by 10.194.243.136 with HTTP; Sun, 8 Dec 2013 17:52:53 -0800 (PST)
Date: Sun, 08 Dec 2013 20:52:53 -0500
Message-ID: <CAMm+LwijWwanC+KLaSC-Kgq4vP=8in8Juo2Gbd=URh4zVf55nA@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: multipart/alternative; boundary="e89a8f3bafef0ef2f004ed104179"
Cc: perpass <perpass@ietf.org>, Nicholas Weaver <nweaver@icsi.berkeley.edu>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: [perpass] NULL Cipher RFC 2410 to HISTORIC ???
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Dec 2013 01:53:01 -0000
On Sun, Dec 8, 2013 at 5:00 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net > wrote: > Hi Stephen, Hi Nicholas, > > it would be interesting (as a history lesson) if someone could tell us why > the group at that time decided to develop a NULL encryption mechanism. > Stephen Kent (co-author of RFC 2410) might remember. I have no heard > It was for testing and it all happened long before any of the evidence of the NSA peddling bongoed crypto suggests that it was going on. I think it highly unlikely that anything of the sort was going on before 9/11 and my sources claim that the change came much later, if it happened at all. I really don't think that any of the people involved in IETF process have had a hand in knowingly peddling bongoed crypto either. But as I have been making plain in another forum, the slides openly bragging about such an operation have had a serious cost in terms of erosion of trust. I think any interference would have been 'action at a distance'. Rather than come here and make the case for protecting some hole that was going to be used to propagate Flame, I would expect the NSA people running the DoD CA would call up their contacts in IETF space and make up some story about their operational difficulties caused by still running the old Netscape CA that hasn't been maintained for a decade now or some such hokum. I can't see how that sort of cover story would work for peddling a NULL cipher. There are some vulnerabilities I think can be laid at their door but not that one. We did that one to ourselves. IPSEC is sufficiently complicated that interop is a non trivial problem. Or at least the people who implemented it found it to be so. Some people tried to make the same suggestion for S/MIME (and people might remember my reaction). Having a NULL cipher for interop testing was not an unfounded proposal but it was certainly never one I supported. Remember that IPSEC has always supported an 'authentication only' mode. So turning on encryption with a null cipher was not an obvious difference. In fact it would probably have made sense to have killed the integrity only option at the start and just had a null cipher. Perhaps we should write a draft and move it to HISTORIC, just to avoid any confusion. > In context of our discussion on this list the answer will give us a lot of > guidance for the future. Even 2 years ago I had lots of people arguing in > the OAuth working group that authentication and integrity protection is > sufficient and that we do not need confidentiality protection. So, I > wouldn't be surprised if the same argument showed up 10 years earlier. > That is a different argument and maybe there is a case to be made for relying on HTTPS. I don't like that approach, in fact I super-encrypt within HTTPS quite often and always super-authenticate end to end in my Web Services. -- Website: http://hallambaker.com/
- [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Phillip Hallam-Baker
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Merike Kaeo
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Merike Kaeo
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Phillip Hallam-Baker
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Yoav Nir
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Phillip Hallam-Baker
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Moriarty, Kathleen
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Yoav Nir
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Michael Richardson
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Stephen Kent
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Stephen Kent
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Stephen Kent
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Michael Richardson
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Moriarty, Kathleen
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Phillip Hallam-Baker
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Paul Wouters
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Paul Ferguson