Some reflections on 20 years of S/WAN

The summer of 2015 is pretty much at a close: I’m writing this on labour day monday afternoon, in a pub, escaping from the heat of what has been called the hottest summer on record. We’ve had our last hurrah at the cottage; my son starts grade 5 tomorrow.

I’m at the pub working on resolving a policy selection issue in Openswan. It’s been a oft repeated mantra of mine: cryptography is easy, but it’s only the tip of the iceberg. Figuring out how to keep something private isn’t that difficult, there are a few good choices and lots of poor ones, and only in rate cases do you need anything esoteric. You use the strongest algorithm you can afford, and make sure you can switch easily.

The hard part is not how to encrypt, but when to encrypt: who to trust and for what. The hard part is policy, so getting policy right is really important.

So it’s with some humour that I reflect on what I was doing 20 summers ago. I travelled to the Bay area for the first time around August 7, 1995. I went to Redwood City, to the Oracle buildings, where RSA Data Systems leased

space. See: I noted with humour that the buildings looked like database icons from a flow-chart ( ).

I don’t recall much about the content of those meetings. What did we do that took three days, I don’t know. Maybe it wasn’t such a long meeting. I’ll get back to the content of that meeting below.

I was disappointed that Redwood City was so far from San Francisco, and so I was pleased that to travel down to SFO with another fellow from another firewall company (was it Netscreen? Could it have been Gregory Lebovitz? Maybe). We wandered around the Market Area a bit, and maybe we visited Ghirardelli square. I do know that the map that the rental car company had given was old: we tried to get back on the I280 downtown, but it was being demolished at the time. (cf: ). Remember that was not just prior to Google maps, it was prior to Google and Mapquest.

I know the dates that I was there not because I had a google calendar back to that time (I didn’t even have my well work Priority Management paper calendar back in 1995 yet), but because August 9, 1995, that day, was also the day that Jerry Garcia died; I talked to my then girlfriend (now wife), and she told me, and suggested I should find a way to get to Golden Gate Park on the weekend… but I was returning before then. I wish I had made time.

Back to the RSA meeting: RSA wanted to find ways to promote more use of assymetric crypto in virtual private network usage. They wanted to promote more use of BSafe. I think I was polite enough not to say, “Well, duh, stop with the moronic patent crap”. I know that we did talk about the export restrictions, and the Clipper debate was mostly over, but not quite. ( ) Had Clipper succeeded, there would really have been no place for RSA.

HTTPS was also very new; I’m not sure that it really existed at all yet. I’ll also note that Windows 95 had not quite been released yet; it came later on in August 1995.

So I guess we must have spent some time learning about the BSafe libraries, and I recall thinking, “I never want to license that crap”. At the time, I worked at Milkyway Networks, and been working there almost a year. We had released out Blackhole 2.0 in May/June 1995, and were busy selling it worldwide. Our Blackhole 1.0, which I had supervised releasing the previous fall, could only be sold in Canada as part of it was licensed code (the TIS firewall toolkit), and we had rights only to sell in Canada.

In the fall of 1994, I had spent a week creating a VPN solution for Blackhole 1.0. It consisted of a selective bypass (“SPD” in IPsec terms, but we didn’t have that term yet in 1994: it’s not in RFC1825, shows up first in RFC2401) that would forward packets rather than send them into our application layer proxies, plus an improvised “/dev/tun”-like interface that allowed me to get packets out of the kernel. I suspect that I probably used the BSD tun device source code on BSDi, and ported that to SunOS.

A /dev/kmem interface let userspace plug new entries into the bypass table. I struggled with how to apply netmasks to the problem: should I check source or destination addresses first? This is a problem which the RFC2401/4301 SPD never adequatedly resolved for me: the SPD just says the admin gets to order them, but really it ought to have an impact on policy expression in the key exchange system.

So that was the kernel part: in the userspace part I had a daemon which applied manually keyed 1DES to the packets, and pushed them down a TCP socket. I knew that this was a bad idea; but I didn’t know why. Now I can explain that TCP should never run over TCP, and one reason is that TCP has too many buffers, and the result is bufferbloat. I recall Stephen York sitting a year or more later when 1DES had been replaced with Entrust’s SPKM (so 1DES->CAST128, plus some unreasonably complex key management that we now call GSSAPI). He had two Sparc 5 in a VPN with 10Mb/s link between, and he was trying to install win95 across the VPN: a PC on one side mounted the cdrom of the PC on the other side, and it would fail. I know now why :-)

The reason I used TCP rather than UDP is because I didn’t know how to deal with the IV. In ESP, we just include the IV in the packet, but in 1994, with my limited understanding of actual applied cryptography, it seemed to me that revealing the IV was undesireable. It seemed too much like keying material.

But, by August 1995, I was pretty sure that I had got it wrong, and I was itching to fix my mistake, and replace the 1DES-over-TCP with IPsec, and thus I was at the RSA meeting.

RSA wanted to have a branding that they would own and apply to VPN systems that interoperated and seemed like they were secure. I don’t think that anyone in the room wanted anything other than IPsec, I think that the SKIP debate was over by that point, ( ), as again, if you used SKIP, you wouldn’t need RSA crypto at all. So it was with a surprising amount of unamimity that the group said that we wanted asymmetrically authenticated virtual private networks based upon IPsec. Maybe the marketing people there were looking for a bigger debate.. it was also interesting because by going for authentication by RSA only, we mostly got around much of the export issues with RSA.

The group in the room, along with the marketing people, agreed we wanted a “Secured WAN”, and that got abbreviated to S/WAN, and that was the last I heard of that term for some years.

In fall of 1995, I was supposed to have attended the Danvers IETF meeting, but I was prevented from doing so by last minute “urgent” work at Milkyway Networks, and finally I attended my first IETF, number 35, in LA in March of

  1. There I met a number of NetBSD people for the first time in person, including Tatu Ylonen of SSH. What I cared about most there was SPKI, which was eventually published as and Yes, that’s Ron Rivest: the aRRRgh in RSA.

I wanted SPKI in SSH, replacing the .ssh/authorized_keys file. This goes back to what I wrote above: encrypting is easy, knowing who can do what is the hard part, and SPKI provided a way easily say, “RSA key foo can login to machine bar”, and do so in a scalable way that was awash with X.500 (“DAP”) difficulties in trying to identify which John Smith you meant to delegate to. This is still, as far as I’m concerned, a mostly unresolved issue, but I point at OAUTH2 as being very close to where SPKI was. We just need it for more than just web things, and the IETF ABFAB group is doing a lot of things in that place.

Later that year (1996 now), I left Milkyway Networks. The company had gone public on July 2, 1996, at $13.85/share, reached a high of $14 on that day, and never saw the high side of $5 again. That was the summer that Digital laid of 40,000 employees. But, with $37M in the bank, Milkyway Networks was not looking to the future, and wasn’t thinking: how to push their firewall technology past the 2-3Mb/s rates we were getting, past the 10Mb/s connections that were expensive, but available, to be able to deal with 45Mb/s links, and later 100Mb/s. (in the end, the PIX firewall took that market, and Cisco purchased them. The only other vendor that survived was Checkpoint). So by October 1996, I had left, and was looking for customers.

In some discussions with Tatu, I tried to convince him that he should hire me to put SPKI into SSH2. Instead, he hired me to implement IPsec with his team, and by February 1997, I made my first of three trips to Finland to work with Tero Kivinen, Tero Mononen, Pekka Nikkander and Tatu. (Not to forget their office manager: Anita). I worked on IPsec code that year, and into 1998, when the size of the SSH company grew enough that it become impossible for me keep up with hallway discussions from remote. I had to move or change jobs, and moving would have been impossible for Meaghan.

It was while I was working at SSH and attending IETF meetings that I met ||ugh Daniel, and learned of he and John Gilmore’s FreeS/WAN project. I couldn’t join them, I was working at a competing (closed source) stack. I did help them connect with some people who knew things, and Richard Briggs went to work for the FreeS/WAN project.

Instead as I left SSH, I wound up working at a new startup: Solidum Systems. First firewalls with VPNs, then VPNs, then at Solidum Systems: just per-packet policy engine at wire speed. I worked for three years at this fabless startup, building as I explained: SPDs-on-a-chip. Ultimately, the technology was too soon, and the company burnt through it’s VC money, and did not survive the dot-boom.

I left, and this time, the timing was right, and in July 2001 I started working on the FreeS/WAN project. (Yes, John Gilmore did in fact get a license from RSA to use the S/WAN term. I wonder if any lawyer there can even find evidence of that… it would be neat to see a scan of that letter)

I didn’t intend this article to be a resume: I just wanted to make it clear how I started working on a series of S/WAN projects, having first been at the meeting where the term was coined, and how, really security, is not about encryption, but about determining who can do what, and where.

I have been thinking about this article most of the summer; perhaps as far back as February 2015, when the Fare Thee Well concent was announced. ( ) Yes, we had plans to attend, but tickets were impossible to obtain.

One of the things that I wanted to talk about is the FreeS/WAN innovation of using “left” and “right” rather than “local” and “remote” to identify policy.

I know that were a few people who just couldn’t grok “left” and “right”, and I have to accept that they aren’t idiots, but there brains are just wired differently from mine. I would truly like to understand their point of view, but after more than ten years of trying, I still don’t get it.