"Steven M. Bellovin" wrote:
> In message <3C93EEA3(_dot_)28833ABD(_at_)greendragon(_dot_)com>, William
> Allen Simpson writes:
>
> Right. The only copy I could find was from 1996, but I don't think
> that that difference is important.
> (http://www.watersprings.org/pub/id/draft-simpson-ipsec-enhancement-00.txt)

Remember, the WG chair objected to my drafts being draft-ietf-ipsec-,
and so they were reissued in 1996 as draft-simpson-, restarting at -00.

To the middle of your message, why is it a problem that we were so
brilliant that we prevented a threat before somebody else documented
the attack? We are engineers, not cryptanalysts. It seemed obvious.

Anyway, _you_ had the integrity to admit you were wrong. Thanks!
(I just wasn't sure I should mention your name in a negative context.)

> ... But except for VPN scenarios, most people choose
> not to use it. I think there's a lesson there, but I fail to see how
> Steve Kent or any of the other players in the history of IPsec are at
> all at fault.

Because the so-called "standard" is hard to understand, hard to
implement, hard to install, and hard to use -- and now verified to
have security failures, some of which I documented at least 6 years ago.
Other than that?

As you may remember, Photuris was designed to start itself
automatically, without significant user intervention. (Somebody else
just noticed the ICMP Security Failures messages.)

Another of the things I used to do: have an Operational Considerations
section in my drafts. Anything with a lot of configuration and
dependencies has too many points of failure.

But I'm so disgusted with Ran denying that other people did any work,
or that he knew about it, that I'm hoping the thread will end. Surely,
the secretariat mistyped that string in 1992 (on page 363). Oh well,
it's not the first time I've caught him in a lie....

The point was made: we've been delayed and obfuscated into oblivion.
The WG has been spinning its wheels for a decade.
--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32