"Damion Wilson" <dwilson,AT,ibl,DOT,bm>, "Groups" <groups,AT,hasely,DOT,com>|
Re: What do you guys think about this?|
"Russell Berry" <russ,AT,berrex,DOT,com>|
Mon, 22 Sep 2003 23:54:12 -0400|
yeah, pissed me off too. But you hit the nail on the head with infantile in
the same paragraph with Gutmann. Rant away....
Berrex Computer Solutions
----- Original Message -----
From: "Damion Wilson" <dwilson,AT,ibl,DOT,bm>
To: "Groups" <groups,AT,hasely,DOT,com>
Sent: Monday, September 22, 2003 11:20 PM
Subject: Re: What do you guys think about this?
> Alright. I've just seen this on Slashdot and a few things pissed me off:
> 1. CIPE has apparently been declared a "dead" project.
> 2. The cursory analysis by Peter Gutmann appears to have missed subtle
> For instance, CIPE primarily using Blowfish (and not IDEA).
> 3. The apparent zeal with which all non IPSec or SSL implementations are
> attacked as basically infantile and not worth entertaining smacks of
> 4. Some issues are stated as being known "years ago" and ignored. I don't
> recall the issues he raises as having crossed my 5 year participation on
> list, the "man in the middle" vulnerability notwithstanding. We appear to
> have voted for simplicity in this regard, correct me if I'm wrong. It's
> easier to believe that your ISP isn't out to get you.
> If Mr. Gutmann had bothered to peruse the mailing list archives (the link
> right on the same page as the protocol description), He might have had the
> chance to determine what was important to the userbase and, instead of
> declaring CIPE, Tinc, OpenVPN, et al. "dead", He might have realised what
> important enough to them to specifically eschew IPSec, etc in choosing our
> specific flavours of VPN.
> He deems us stupid and foolhardy for making the decision to use these
> products, develop for them, and show loyalty to them in the face of
> and techniques that he prefers. Apparently, we're all a bunch of idiots
> it only took him a 30 minute or more analysis for him to determine it, and
> the other projects weren't as lucky. Let's all remember the Andrew
> v Linus Torvalds "discussion" over the relative technical merits of Minix
> over Linux.
> I'm still pissed. I need to rant some more later
> I'd like to know if Olaf has anything to say about it, though. Peter
> apparently attempted to contact him.
> On Monday 22 September 2003 08:57 pm, Groups wrote:
> > I've been using CIPE for over a year now, and my boss just forwarded
> > link, http://www.mit.edu:8008/bloom-picayune/crypto/14238, to a posting
> > about the security of CIPE. Does anyone have any arguments that may
> > me out?
> > --
> > Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> > Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> > Other commands available with "help" in body to the same address.
> > CIPE info and list archive:
> > <URL:http://sites.inka.de/~bigred/devel/cipe.html>
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive: