
To: Rod Boyce <rod_boyce,AT,stratexnet,DOT,com>
Subject: Re: What do you guys think about this?
From: Damion Wilson <dwilson,AT,ibl,DOT,bm>
Date: Tue, 23 Sep 2003 10:59:11 -0300
Cc: cipe-l,AT,inka,DOT,de
In-reply-to: <8D7C5F56B409554D9D46AC22195807F3061D47@exchwenz01.dmcwave.co.nz>
References: <8D7C5F56B409554D9D46AC22195807F3061D47@exchwenz01.dmcwave.co.nz>

<rant>

Well, that's exactly the kind of thing that is irking me. This guy IS a 
respected and knowledgeable cryptography expert but he is of the apparent 
opinion that we are not capable of figuring out our own needs and 
obtaining/developing the solutions for them.

I'm especially perturbed because I spent time writing the Win32 port AFTER 
eschewing PPTP, IPSec and a host of others in favour of CIPE, knowing full 
well that if an intermediate router decided to capture the entire stream, it 
was possible to perform a replay attack. I'm particularly insulted because I 
spent most of a year implementing a protocol that, in his 15 minutes, he, 
along with the Slashdot crowd, has decided should just be scrapped and 
abandoned. What, exactly, has he written to fill our need?

Only one Slashdot poster (a professional, it appeared) was able to articulate 
that the "solutions" that Peter Gutmann proposed would prevent non-TCP 
protocols from utilising the VPN properly. The alternatives suggested have 
the same problems that they had when I first looked at them.

</rant>

DKW

On Tuesday 23 September 2003 01:34 am, Rod Boyce wrote:
> I don't very often respond to this kind of stuff.  When I think of Linux
> and VPN I consider Linux my Swiss army knife of VPN stuff.  If I want a
> think VPN that works over UDP/IP with good enough encryption for my needs I
> choose CIPE.  If I need to connect to a Windows network with an existing
> PPTP VPN then I use the PPTP client.  If I want temporary tunnels between
> Linux end points then I use SSH.  I have never needed anything else.  CIPE
> is the best and easiest to set up permanent VPN I have ever come across; the
> fact that it works well over the internet with any special route
> configuration is great in my opinion.
> When I evaluate these kinds of technologies I set up a complete test
> environment, perform many simple tests and make an informed decision.
>
> This is what I do and for my and my customers' needs CIPE is the best
> permanent VPN I have tested out.
>
> Regards,
> Rod Boyce
>
> > -----Original Message-----
> > From: Mailing Lists [mailto:groups,AT,hasely,DOT,com]
> > Sent: Tuesday, 23 September 2003 4:16 p.m.
> > To: cipe-l,AT,inka,DOT,de
> > Subject: Re: What do you guys think about this?
> >
> > How about some ranting and raving on Slashdot?
> >
> > On Monday, September 22, 2003, at 08:54  PM, Russell Berry wrote:
> > > > yeah, pissed me off too.  But you hit the nail on the head with
> > > > infantile in the same paragraph with Gutmann.  Rant away....
> > >
> > > ---russ
> > >
> > > Russell Berry
> > > Berrex Computer Solutions
> > > http://www.berrex.com
> > > Russ,AT,berrex,DOT,com
> > > 1-877-558-9507
> > > ----- Original Message -----
> > > From: "Damion Wilson" <dwilson,AT,ibl,DOT,bm>
> > > To: "Groups" <groups,AT,hasely,DOT,com>
> > > Cc: <cipe-l,AT,inka,DOT,de>
> > > Sent: Monday, September 22, 2003 11:20 PM
> > > Subject: Re: What do you guys think about this?
> > >
> > > >> Alright. I've just seen this on Slashdot and a few things pissed me
> > > >> off:
> > > >>
> > > >> 1. CIPE has apparently been declared a "dead" project.
> > > >>
> > > >> 2. The cursory analysis by Peter Gutmann appears to have missed subtle
> > > >> things. For instance, CIPE primarily using Blowfish (and not IDEA).
> > > >>
> > > >> 3. The apparent zeal with which all non IPSec or SSL implementations
> > > >> are attacked as basically infantile and not worth entertaining smacks
> > > >> of patronising.
> > > >>
> > > >> 4. Some issues are stated as being known "years ago" and ignored. I
> > > >> don't recall the issues he raises as having crossed my 5 year
> > > >> participation on this list, the "man in the middle" vulnerability
> > > >> notwithstanding. We appear to have voted for simplicity in this
> > > >> regard, correct me if I'm wrong. It's easier to believe that your ISP
> > > >> isn't out to get you.
> > > >>
> > > >> If Mr. Gutmann had bothered to peruse the mailing list archives (the
> > > >> link was right on the same page as the protocol description), He might
> > > >> have had the chance to determine what was important to the userbase
> > > >> and, instead of declaring CIPE, Tinc, OpenVPN, et al. "dead", He might
> > > >> have realised what was important enough to them to specifically eschew
> > > >> IPSec, etc in choosing our specific flavours of VPN.
> > > >>
> > > >> He deems us stupid and foolhardy for making the decision to use these
> > > >> products, develop for them, and show loyalty to them in the face of
> > > >> software and techniques that he prefers. Apparently, we're all a bunch
> > > >> of idiots and it only took him a 30 minute or more analysis for him to
> > > >> determine it, and the other projects weren't as lucky. Let's all
> > > >> remember the Andrew Tanenbaum v Linus Torvalds "discussion" over the
> > > >> relative technical merits of Minix over Linux.
> > > >>
> > > >> I'm still pissed. I need to rant some more later
> > > >>
> > > >> I'd like to know if Olaf has anything to say about it, though. Peter
> > > >> Gutmann apparently attempted to contact him.
> > >>
> > >> DKW
> > >>
> > >> On Monday 22 September 2003 08:57 pm, Groups wrote:
> > > >>> I've been using CIPE for over a year now, and my boss just forwarded
> > > >>> this link, http://www.mit.edu:8008/bloom-picayune/crypto/14238, to a
> > > >>> posting about the security of CIPE.  Does anyone have any arguments
> > > >>> that may help me out?
> > > >>>
> > >>> --
> > >>> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> > >>> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in 
> > >>> body
> > >>> Other commands available with "help" in body to the same address.
> > >>> CIPE info and list archive:
> > >>> <URL:http://sites.inka.de/~bigred/devel/cipe.html>
> > >>
> > >> --
> > >> Message sent by the cipe-l,AT,inka,DOT,de mailing list.
> > >> Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in 
> > >> body
> > >> Other commands available with "help" in body to the same address.
> > >> CIPE info and list archive:
> > >
> > > <URL:http://sites.inka.de/~bigred/devel/cipe.html>
> >
>

