<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: Groups <groups,AT,hasely,DOT,com>
Subject: Re: What do you guys think about this?
From: Damion Wilson <dwilson,AT,ibl,DOT,bm>
Date: Tue, 23 Sep 2003 00:20:54 -0300
Cc: cipe-l,AT,inka,DOT,de
In-reply-to: <3F6F8C81.2080202@hasely.com>
References: <3F6F8C81.2080202@hasely.com>

Alright. I've just seen this on Slashdot and a few things pissed me off:

1. CIPE has apparently been declared a "dead" project.

2. The cursory analysis by Peter Gutmann appears to have missed subtle 
For instance, CIPE primarily using Blowfish (and not IDEA).

3. The apparent zeal with which all non IPSec or SSL implementations are 
attacked as basically infantile and not worth entertaining smacks of 

4. Some issues are stated as being known "years ago" and ignored. I don't 
recall the issues he raises as having crossed my 5 year participation on this 
list, the "man in the middle" vulnerability notwithstanding. We appear to 
have voted for simplicity in this regard, correct me if I'm wrong. It's 
easier to believe that your ISP isn't out to get you.

If Mr. Gutmann had bothered to peruse the mailing list archives (the link was 
right on the same page as the protocol description), He might have had the 
chance to determine what was important to the userbase and, instead of 
declaring CIPE, Tinc, OpenVPN, et al. "dead", He might have realised what was 
important enough to them to specifically eschew IPSec, etc in choosing our 
specific flavours of VPN.

He deems us stupid and foolhardy for making the decision to use these 
products, develop for them, and show loyalty to them in the face of software 
and techniques that he prefers. Apparently, we're all a bunch of idiots and 
it only took him a 30 minute or more analysis for him to determine it, and 
the other projects weren't as lucky. Let's all remember the Andrew Tanenbaum 
v Linus Torvalds "discussion" over the relative technical merits of Minix 
over Linux.

I'm still pissed. I need to rant some more later

I'd like to know if Olaf has anything to say about it, though. Peter Gutmann 
apparently attempted to contact him.

On Monday 22 September 2003 08:57 pm, Groups wrote:
> I've been using CIPE for over a year now, and my boss just forwarded this
> link, http://www.mit.edu:8008/bloom-picayune/crypto/14238, to a posting
> about the security of CIPE.  Does anyone have any arguments that may help
> me out?
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive:
> <URL:http://sites.inka.de/~bigred/devel/cipe.html>

<< | Thread Index | >> ]    [ << | Date Index | >> ]