
To: <cipe-l,AT,inka,DOT,de>,"Hans Steegers" <hsx,AT,dds,DOT,nl>
Subject: Re: What do you guys think about this?
From: Allan Latham <alatham,AT,flexsys-group,DOT,com>
Date: Wed, 24 Sep 2003 09:23:53 +0200
In-reply-to: <000401c381c7$70550180$d620a8c0@pcw_hans.hnsasd.priv>
References: <000401c381c7$70550180$d620a8c0@pcw_hans.hnsasd.priv>

Hi all

I sent this yesterday but I've not seen it on the list.
Sending it again in case it got lost on the way.

Hi Hans

can you confirm this gets on the list pls. It may be my spam killer at fault!

Thanks

Allan

-----------

Hi all

get real!

The lock on my house is nothing compared to the one on the vault in the bank 
down the road. It is however more than adequate for my needs.

If you want bank level of security use a commercial product so you can sue 
the supplier if it breaks. (Why do commercial suppliers' terms disclaim 
responsibility?)

CIPE is simple and has been in regular use since before IPsec was finalised. 
For a long time it wasn't even possible to get a free version of IPsec to 
compile without lots of hacking - even then you needed to be an Einstein to 
configure it.

CIPE is by far the most secure of the "simple" IP encryption products.

Replay attacks on CIPE are possible. If the overlying protocol does not 
detect duplicate packets then you should not be using that protocol if 
duplicate packets could cause a misfunction - i.e. it is not the job of 
CIPE to mend your application.

There are probably some DOS attacks - maybe even to the extent of forcing 
CIPE to use the master key too often. Protection against DOS attacks is 
very hard.

A final but important note. The Linux version of CIPE is simple, well known 
and well tested and in constant use. I know of no successful attack against 
it. All IPsec implementations are large complex beasts. If they are free of 
program bugs this will be little short of a miracle. Most serious crypto 
software fails for that reason. 

Then there are configuration errors! Human error is the number one failure 
point in any system - crypto or otherwise.

Best regards

Allan

