"James Yonan" <jim,AT,yonan,DOT,net>
Re: About Peter Gutmann's critique of CIPE
"R. Steve McKown" <rsmckown,AT,yahoo,DOT,com>
Fri, 26 Sep 2003 08:36:25 -0600
On Thursday 25 September 2003 08:57 pm, James Yonan wrote:
> OpenVPN is a user-space VPN that is relatively lightweight, simple-to-use,
> runs on 7 different OSes including Windows, and uses a high-security crypto
> model that so far has stood up well to analysis (even PG couldn't find much
> bad to say about it).
Thanks for the great summary of OpenVPN!
> Today, many of the functions that CIPE is trying to do, both at the crypto
> level and at the networking level, can be done quite well by external,
> independently developed libraries and drivers. IMHO, to avail itself of
> these resources would make CIPE a stronger, more lightweight solution.
In our case, the relative weight of the solution has to include all
dependencies, since the code of external dependencies has to be maintained by
someone (and is subject to defects, etc.), stored on the system (small flash
memory space), updated with every security release (more code = more defects)
and executed by the CPU. While I see the significant advantages of
leveraging external libraries, considering "weight" at a systemic level I
would expect CIPE to be significantly heavier if it used the OpenSSL
libraries. For us, that seems to be a negative. I'd appreciate your
thoughts on these comments.
All the best,
Titanium Mirror, Inc.