<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: "Mailing Lists" <groups,AT,hasely,DOT,com>
Subject: Re: What do you guys think about this?
From: rsalles,AT,rsnetservices,DOT,com,DOT,br
Date: Tue, 23 Sep 2003 02:07:35 -0300 (BRT)
Cc: cipe-l,AT,inka,DOT,de
Importance: Normal
In-reply-to: <A4DC57EC-ED7C-11D7-BEB0-00039304FC9E@hasely.com>
References: <09bb01c38186$5e6d2d80$1401010a@berrex.com> <A4DC57EC-ED7C-11D7-BEB0-00039304FC9E@hasely.com>

Russ,

I don't know, the Cryptography maillist is a very well known one,
sponsored by the MIT, and maybe there is some interest on this list to see
sparks rising, and a little bruhaha echoing out there.

IMHO, we better wait for Olaf to deal first with it - if he is
interested/concerned/have time to that.

The only think i can say by know is that i TRUST the job we're doing
around here as users, and the job donne by Olaf himself and the developer
team.
Are we wrong? Very difficult to beleive. Are we alone? Also, this is
already shared by RedHat, EnGarde, ASP Linux, RawHide and many others.
Reliability and security, that's what i found using CIPE until now. Is
this a troll who plays with CIPE? Maybe a FUD primer, but wait: let's give
to Olaf the speach: and let's hear what he's finding necessary to say, if
any.

Best Regards,

RSalles

> How about some ranting, and raving on Slashdot.?
>
> On Monday, September 22, 2003, at 08:54  PM, Russell Berry wrote:
>
>> yeah, pissed me off too.  But you hit the nail on the head with
>> infantile in
>> the same paragraph with Gutmann.  Rant away....
>>
>> ---russ
>>
>> Russell Berry
>> Berrex Computer Solutions
>> http://www.berrex.com
>> Russ,AT,berrex,DOT,com
>> 1-877-558-9507
>> ----- Original Message -----
>> From: "Damion Wilson" <dwilson,AT,ibl,DOT,bm>
>> To: "Groups" <groups,AT,hasely,DOT,com>
>> Cc: <cipe-l,AT,inka,DOT,de>
>> Sent: Monday, September 22, 2003 11:20 PM
>> Subject: Re: What do you guys think about this?
>>
>>
>>> Alright. I've just seen this on Slashdot and a few things pissed me
>>> off:
>>>
>>> 1. CIPE has apparently been declared a "dead" project.
>>>
>>> 2. The cursory analysis by Peter Gutmann appears to have missed subtle
>> things.
>>> For instance, CIPE primarily using Blowfish (and not IDEA).
>>>
>>> 3. The apparent zeal with which all non IPSec or SSL implementations
>>> are
>>> attacked as basically infantile and not worth entertaining smacks of
>>> patronising.
>>>
>>> 4. Some issues are stated as being known "years ago" and ignored. I
>>> don't
>>> recall the issues he raises as having crossed my 5 year participation
>>> on
>> this
>>> list, the "man in the middle" vulnerability notwithstanding. We
>>> appear to
>>> have voted for simplicity in this regard, correct me if I'm wrong.
>>> It's
>>> easier to believe that your ISP isn't out to get you.
>>>
>>> If Mr. Gutmann had bothered to peruse the mailing list archives (the
>>> link
>> was
>>> right on the same page as the protocol description), He might have
>>> had the
>>> chance to determine what was important to the userbase and, instead of
>>> declaring CIPE, Tinc, OpenVPN, et al. "dead", He might have realised
>>> what
>> was
>>> important enough to them to specifically eschew IPSec, etc in
>>> choosing our
>>> specific flavours of VPN.
>>>
>>> He deems us stupid and foolhardy for making the decision to use these
>>> products, develop for them, and show loyalty to them in the face of
>> software
>>> and techniques that he prefers. Apparently, we're all a bunch of
>>> idiots
>> and
>>> it only took him a 30 minute or more analysis for him to determine
>>> it, and
>>> the other projects weren't as lucky. Let's all remember the Andrew
>> Tanenbaum
>>> v Linus Torvalds "discussion" over the relative technical merits of
>>> Minix
>>> over Linux.
>>>
>>> I'm still pissed. I need to rant some more later
>>>
>>> I'd like to know if Olaf has anything to say about it, though. Peter
>> Gutmann
>>> apparently attempted to contact him.
>>>
>>> DKW
>>> On Monday 22 September 2003 08:57 pm, Groups wrote:
>>>> I've been using CIPE for over a year now, and my boss just forwarded
>> this
>>>> link, http://www.mit.edu:8008/bloom-picayune/crypto/14238, to a
>>>> posting
>>>> about the security of CIPE.  Does anyone have any arguments that may
>> help
>>>> me out?
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
>>>> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
>>>> Other commands available with "help" in body to the same address.
>>>> CIPE info and list archive:
>>>> <URL:http://sites.inka.de/~bigred/devel/cipe.html>
>>>
>>>
>>> --
>>> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
>>> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
>>> Other commands available with "help" in body to the same address.
>>> CIPE info and list archive:
>> <URL:http://sites.inka.de/~bigred/devel/cipe.html>
>>
>
>
> --
> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
> Other commands available with "help" in body to the same address.
> CIPE info and list archive:
> <URL:http://sites.inka.de/~bigred/devel/cipe.html>
>


<< | Thread Index | >> ]    [ << | Date Index | >> ]