
To: "James Yonan" <jim,AT,yonan,DOT,net>
Subject: Re: About Peter Gutmann's critique of CIPE
From: "R. Steve McKown" <rsmckown,AT,yahoo,DOT,com>
Date: Fri, 26 Sep 2003 08:36:25 -0600
Cc: <cipe-l,AT,inka,DOT,de>
In-reply-to: <twig.1064545056.17652@yonan.net>
References: <E1A2bsS-00033q-00@bigred.inka.de> <twig.1064545056.17652@yonan.net>

On Thursday 25 September 2003 08:57 pm, James Yonan wrote:
> OpenVPN is a user-space VPN that is relatively lightweight, simple-to-use,
> runs on 7 different OSes including Windows, and uses a high-security crypto
> model that so far has stood up well to analysis (even PG couldn't find much
> bad to say about it).

Thanks for the great summary of OpenVPN!

> [snip]
>
> Today, many of the functions that CIPE is trying to do, both at the crypto
> level and at the networking level, can be done quite well by external,
> independently developed libraries and drivers.  IMHO, to avail itself of
> these resources would make CIPE a stronger, more lightweight solution.

In our case, the relative weight of the solution has to include all 
dependencies, since the code of external dependencies has to be maintained by 
someone (and is subject to defects, etc), stored on the system (small flash 
memory space), updated with every security release (more code = more defects) 
and executed by the CPU.  While I see the significant advantages of 
leveraging external libraries, considering "weight" at a systemic level I 
would expect CIPE to be significantly heavier if it used the OpenSSL 
libraries.  For us, that seems to be a negative.  I'd appreciate your 
thoughts on these comments.

All the best,

Steve McKown
Titanium Mirror, Inc.

