Damion Wilson wrote:
Is this thing worth some kind of official response? I feel that Open Source
VPNs as a whole are being attacked. I appreciate constructive criticism but
the language of Peter Gutmann's "appraisal" is just too condescending to
regard as beneficial.

I think - at last check anyway - /.'s did OK at defending the OS side of
things. Part of the thread included a discussion about the merits of
PG's statement "It's possible to create insecure "security" products
just as readily with open-source as with closed-source software". Having
said that, none of the /.'s (except maybe Dan Kaminsky) bothered to look
terribly hard at CIPE and its purpose to really see if PG was right or
not.....just took another look to see if the topic is done with at /.
and found this by Kynde:

Serious experts make mistakes too.
1) Cipe is not dead, on the same page as there was the specification is
a link to the mail archives. Far from dead if you look in there.
2) Ranting about Cipe being vulnerable to replay attacks shows that he's
missed the point. Cipe was designed to be a _stateless_ protocol over UDP,
so that it has the exact characteristics that IP has. There are quite
enough crypto streams out there, but disregarding IPsec, we don't have
that many packet based solutions.
3) Heck, even IP is vulnerable to replay, and to state the obvious it
can actually do that without being attacked against. There are no
guarantees that you wouldn't get duplicates, over and over again even.
Thus all protocols that plan on being invulnerable to replaying provide
such mechanisms _OVER_ ip.

My 2c worth: a response may be worthwhile, but I suspect the topic is
dead at /. now (ahhh timezones) (and as has been mentioned the crypto
list met it with silence anyway), so I suspect it could be wasted.
However, maybe something like Hans posted here....to show we appreciate
the "constructive" criticism but not the childish, offhand manner in
which it was delivered, then various points (as per say Hans' post)
specific to the analysis.
Again, kudos to DKW and Olaf and others for the coding efforts...