
Kode Vicious




Originally published in Queue vol. 10, no. 1

(newest first)


Samson | Fri, 28 Dec 2012 11:14:01 UTC

I am supposed to write a 20-page report after reading the article by KV. Somehow I ended up reading the comments, and now I don't know what to include in my report. It is interesting to note that the comments are more informative than the article.

Required | Tue, 19 Jun 2012 11:58:52 UTC

Proven completely wrong, yet he talks back. What a shameless person! Yeah, now people can really see for themselves, that the article is nothing more than a trivial butthurt (either caused by personal issues or financed by some 'nice' folks).

Kode Vicious | Fri, 01 Jun 2012 15:04:27 UTC

Thank you Theo. I believe that people can now see and judge your intent and your actions for themselves.


Martin Schröder | Thu, 31 May 2012 21:45:10 UTC

And he was not elected: http://www.acm.org/press-room/news-releases/2012/acm-officers-2012 But he is still an editor of Queue.

Martin Schröder | Thu, 31 May 2012 21:41:46 UTC

> Good luck with your coming election as the ACM secretary/treasurer

The election is already over. :-(

Theo de Raadt | Thu, 31 May 2012 19:51:46 UTC

Did the IESG board (and the board members who play the revolving door at patent-holding vendors) refuse our protocol request with malice aforethought?

You would not want to ask that question, would you. Asking that would reduce your future employment options.

George, you are a Glorious Tool (first use of this term). Good luck with your coming election as the ACM secretary/treasurer: http://www.acm.org/acmelections

With your vision, ACM will be on the same road as the IESG: Clouded with prejudice.

Pierre Marquet | Thu, 31 May 2012 18:59:10 UTC

Please edit this post and remove the wrong information. Such a post feels authoritative, it's dangerous and can spread in the mind of people. Please don't misinform the poor and unaware public.

There is a fundamental problem here, vendors doing a business lobby right at the IETF table. Patents on standards are very very bad.

Kevin Chadwick | Thu, 31 May 2012 17:50:07 UTC

Please apologise and swallow your pride, KV.

Using terms like Glorious Leader in such a fashion otherwise what would be wrong with it and which don't turn up on Google is simply childish.

Theo de Raadt | Thu, 31 May 2012 17:22:32 UTC

When you propose that it was malice (your word), you should probably have some proof. Supposition and questioning is below the required standard.

We put CARP on the same protocol as VRRP. But note that the packets can be differentiated. A VRRP implementation must validate the packets fully according to the RFC, ignoring any invalid ones, since they are either noise or a "future version". Without such validation, a VRRP implementation will misbehave when a future variation of the protocol arrives. We created no risk for conforming VRRP implementations. See RFC3117 for the principles behind making such decisions.

Essentially, we had to choose one of these:

1) Give up deploying CARP as a protocol, accepting the IESG refusal of a protocol number.
2) Follow the IETF process: Write up the protocol, hand it to the conflict-ridden VRRP committee who would make changes to the protocol, and eventually discover a Cisco IPR statement attached to the standard. Robert Barr (Cisco Patent Council) said he believed -- not even having seen the CARP specification -- that CARP would infringe HSRP. IETF would have killed CARP.
3) Reuse the VRRP protocol number, with a clearly incompatible and differentiatable packet format.
4) Allocate a new protocol number (say 222), randomly but unused, without IANA involvement.

We were unaware of any other options. Don't bother inventing other options. It is water under the bridge, CARP is on layer 2 networks everywhere, so we obviously did not choose option 1. You can judge us only for the option we chose, out of the options we saw.

I spent more than a year politicking in email with vendors, IESG, and IETF VRRP, and made no headway towards solving the patent debacle -- I exposed myself to lawsuit threats from Cisco. During this time, KAME became aware that VRRP6 had an IPR statement, and deleted their VRRP6 code.

I put OpenBSD and myself out there against restrictive policies by vendors clearly manipulating standards committees. You participate in FreeBSD, which has this CARP code in their tree for almost a decade now, and then you attack us!

I believe our choice to put CARP onto the VRRP protocol turned out to be the best for layer 2 networks. In hindsight, it appears better than option 4 described above. VRRP implementations which were doing incomplete validation were fixed; some were found to have holes (HP).

Your accusation of malice without proof is itself malicious. It is slander. It is far below the standards that ACM holds.

I recommend you read http://www.acm.org/about/code-of-ethics
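
The full receive-side validation the comment above refers to can be sketched as follows. This is an added example, not part of the original comment and not OpenBSD or vendor code; it assumes the VRRPv2 receive checks of RFC 3768, section 7.1, uses constructed sample packets, and does not model CARP's actual packet format.

```python
import socket
import struct

VRRP_VERSION, VRRP_ADVERTISEMENT = 2, 1
FIXED_LEN, AUTH_DATA_LEN = 8, 8

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def validate_vrrp2(payload: bytes, ip_ttl: int, local_vrids: set):
    """Return (True, "ok") or (False, reason); rejected packets are dropped."""
    if ip_ttl != 255:                      # must originate on the local link
        return False, "ttl"
    if len(payload) < FIXED_LEN:
        return False, "truncated"
    ver_type, vrid, _prio, count, _auth, _adv, _ck = struct.unpack(
        "!BBBBBBH", payload[:FIXED_LEN])
    if ver_type >> 4 != VRRP_VERSION:      # noise or a future version
        return False, "version"
    if ver_type & 0x0F != VRRP_ADVERTISEMENT:
        return False, "type"
    if len(payload) < FIXED_LEN + 4 * count + AUTH_DATA_LEN:
        return False, "truncated"
    if inet_checksum(payload) != 0:        # valid messages sum to zero
        return False, "checksum"
    if vrid not in local_vrids:
        return False, "vrid"
    return True, "ok"

def build_advert(vrid, prio, addrs, ver_type=0x21):
    """Constructed sample packet builder (hypothetical helper for the demo)."""
    body = struct.pack("!BBBBBBH", ver_type, vrid, prio, len(addrs), 0, 1, 0)
    body += b"".join(addrs) + bytes(AUTH_DATA_LEN)
    return body[:6] + struct.pack("!H", inet_checksum(body)) + body[8:]

# Constructed inputs: one conforming advert and three that must be ignored.
ADDR = socket.inet_aton("192.0.2.1")
GOOD = build_advert(1, 100, [ADDR])
OTHER_VERSION = build_advert(1, 100, [ADDR], ver_type=0x31)
CORRUPT = GOOD[:2] + b"\xff" + GOOD[3:]

if __name__ == "__main__":
    for name, pkt in [("good", GOOD), ("other version", OTHER_VERSION),
                      ("corrupt", CORRUPT), ("truncated", GOOD[:12])]:
        print(name, validate_vrrp2(pkt, 255, {1}))
```

A receiver that skips any of these checks will act on fields from a packet it was never meant to parse, which is the misbehaviour the comment describes.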

Kode Vicious | Thu, 31 May 2012 14:54:14 UTC

Yet again, neither of you have addressed the question. Was that protocol number chosen with malice aforethought? If you can show that it was not chosen that way then I suggest you write an actual rebuttal and send it to ACM for publication. ACM is usually quite pleased to publish letters.
