David Brodbeck <DavidB,AT,mail,DOT,interclean,DOT,com>|
RE: My response to both the analysis of CIPE by Gutmann, Slashdotand the response by the CIPE list|
Les Mikesell <les,AT,futuresource,DOT,com>|
25 Sep 2003 12:22:41 -0500|
On Thu, 2003-09-25 at 10:01, David Brodbeck wrote:
> > -----Original Message-----
> > From: Eric M. Hopper [mailto:hopper,AT,omnifarious,DOT,org
> > I also strongly agree with your other points. Peter
> > Gutmann's analysis
> > is unecessarily incendiary (thus one is tempted to dismiss it
> > out-of-hand), and has some minor flaws, but the vulnerabilities he
> > exposes are real, and should be addressed.
> This is true. However, I don't thinke Peter was arguing that cIPe should be
> fixed, I think he was arguing that it should be abandoned and people should
> switch to IPSec or SSL/SSH.
The theory sounds good but theories can make the invalid assumption
that software implementations are perfect and complexity doesn't
matter. This seems to be one of those cases where the record of
actual exploits shows that you could reconsider this theory. As a
perfect example, I have several old boxes located remotely running
cipe tunnels as a VPN for remote LANS. They don't have compilers and
I can't get a fixed binary to update the broken ssh. So, the only
way I can keep using them is to turn off ssh on the outside interface
and only use it on the inside where it is protected by the cipe tunnel.
I've personally had several machines compromised through ssh, none
And by the way, his comment that no one has heard of CIPE demonstrates
a lack of real-world exposure since it is included as a standard
part of Redhat Linux distributions.