<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: "Damion Wilson" <dwilson,AT,ibl,DOT,bm>, "Groups" <groups,AT,hasely,DOT,com>
Subject: Re: What do you guys think about this?
From: "Russell Berry" <russ,AT,berrex,DOT,com>
Date: Mon, 22 Sep 2003 23:54:12 -0400
Cc: <cipe-l,AT,inka,DOT,de>
References: <3F6F8C81.2080202@hasely.com> <200309230020.54867.dwilson@ibl.bm>

yeah, pissed me off too.  But you hit the nail on the head with infantile in
the same paragraph with Gutmann.  Rant away....

---russ

Russell Berry
Berrex Computer Solutions
http://www.berrex.com
Russ,AT,berrex,DOT,com
1-877-558-9507
----- Original Message -----
From: "Damion Wilson" <dwilson,AT,ibl,DOT,bm>
To: "Groups" <groups,AT,hasely,DOT,com>
Cc: <cipe-l,AT,inka,DOT,de>
Sent: Monday, September 22, 2003 11:20 PM
Subject: Re: What do you guys think about this?

> Alright. I've just seen this on Slashdot and a few things pissed me off:
>
> 1. CIPE has apparently been declared a "dead" project.
>
> 2. The cursory analysis by Peter Gutmann appears to have missed subtle
things.
> For instance, CIPE primarily using Blowfish (and not IDEA).
>
> 3. The apparent zeal with which all non IPSec or SSL implementations are
> attacked as basically infantile and not worth entertaining smacks of
> patronising.
>
> 4. Some issues are stated as being known "years ago" and ignored. I don't
> recall the issues he raises as having crossed my 5 year participation on
this
> list, the "man in the middle" vulnerability notwithstanding. We appear to
> have voted for simplicity in this regard, correct me if I'm wrong. It's
> easier to believe that your ISP isn't out to get you.
>
> If Mr. Gutmann had bothered to peruse the mailing list archives (the link
was
> right on the same page as the protocol description), He might have had the
> chance to determine what was important to the userbase and, instead of
> declaring CIPE, Tinc, OpenVPN, et al. "dead", He might have realised what
was
> important enough to them to specifically eschew IPSec, etc in choosing our
> specific flavours of VPN.
>
> He deems us stupid and foolhardy for making the decision to use these
> products, develop for them, and show loyalty to them in the face of
software
> and techniques that he prefers. Apparently, we're all a bunch of idiots
and
> it only took him a 30 minute or more analysis for him to determine it, and
> the other projects weren't as lucky. Let's all remember the Andrew
Tanenbaum
> v Linus Torvalds "discussion" over the relative technical merits of Minix
> over Linux.
>
> I'm still pissed. I need to rant some more later
>
> I'd like to know if Olaf has anything to say about it, though. Peter
Gutmann
> apparently attempted to contact him.
>
> DKW
> On Monday 22 September 2003 08:57 pm, Groups wrote:
> > I've been using CIPE for over a year now, and my boss just forwarded
this
> > link, http://www.mit.edu:8008/bloom-picayune/crypto/14238, to a posting
> > about the security of CIPE.  Does anyone have any arguments that may
help
> > me out?
> >
> >
> >
> >
> >
> > --
> > Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> > Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> > Other commands available with "help" in body to the same address.
> > CIPE info and list archive:
> > <URL:http://sites.inka.de/~bigred/devel/cipe.html>
>
>
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive:
<URL:http://sites.inka.de/~bigred/devel/cipe.html>


<< | Thread Index | >> ]    [ << | Date Index | >> ]