<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: "Eric M. Hopper" <hopper,AT,omnifarious,DOT,org>, cipe-l,AT,inka,DOT,de
Subject: Re: My response to both the analysis of CIPE by Gutmann, Slashdotand the response by the CIPE list
From: Jake Appelbaum <jacob,AT,appelbaum,DOT,net>
Date: 25 Sep 2003 16:05:59 +0200
In-reply-to: <1064498020.7652.85.camel@monster.omnifarious.org>
References: <1064495379.428.21.camel@eris> <1064498020.7652.85.camel@monster.omnifarious.org>

On Thu, 2003-09-25 at 15:53, Eric M. Hopper wrote:
> On Thu, 2003-09-25 at 08:09, Jake Appelbaum wrote:
> > The fact that Olaf hasn't replied is a huge problem for my assurances
> > that this project is on track to fix these problems, I know that I am
> > not alone [13]. What is more shocking to me is the lack of understanding
> > about a protocol/security method being broken. It seems that many people
> > doing small tests of their own [14] find it to be acceptable because it
> > will fit their clients needs. Their own greed and the ease of setup
> > being the bottom line. 
> 
> This actually really bothers me too.  For this kind of project, and this
> level of critique, the maintainer should respond to within 8-16 hours. 
> He should've responded to Peter Gutman when Peter first emailed him.  If
> he's no longer interested in being that involved in the project, he
> should hand maintership of it to someone else.  A security sensitive
> project like this can't afford a maintainer who doesn't have time to pay
> close attention to security issues.

I fully agree with you. So how can we get in touch with him?

> I also strongly agree with your other points.  Peter Gutmann's analysis
> is unecessarily incendiary (thus one is tempted to dismiss it
> out-of-hand), and has some minor flaws, but the vulnerabilities he
> exposes are real, and should be addressed.

As I stated before, I fully agree.

> > Other people seem just fine with CIPE being "less than a bank vault" and
> > I find this just amazing [15]. This is a project that claims the highest
> > in industry stands. These are people giving away secure systems. That
> > type of response is insane. One poster even seemed happy with these
> > statements against CIPE and bragged of it's use in "every sector you can
> > imagine" [16].
> 
> Not only that, but the comparison is seriously flawed anyway.  A
> comparison to a bank vault is not a valid comparison for an Internet
> protocol.  Internet protocols must all be as secure as we know how to
> make them because of the quick dissemination of cracking tools the
> Internet makes possible.   A few thousand minor vulnerable hosts on the
> Internet is almost as bad as one really important vulnerable host.

When dealing with the internet there is hardly any reason what so ever
to use lesser security measures. In the case of speed, is it really so
important that we not have the option for more security at the cost of
having to run it on high speed hardware like a p100?

It's dangerous as many people that have adopted CIPE have not done a
cryptanalysis themselves. They have no idea what is going on here and
it's only a matter of time until someone makes a program that messes up
CIPE tunnels with management traffic.

This needs to be fixed or the CIPE project is dead in the water.

-- 
Jake Appelbaum <jacob,AT,appelbaum,DOT,net>

Attachment: signature.asc
Description: This is a digitally signed message part


<< | Thread Index | >> ]    [ << | Date Index | >> ]