<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: "R. Steve McKown" <rsmckown,AT,yahoo,DOT,com>
Subject: RE: About P.Gutmann's critique of CIPE - etc. etc.
From: "Les Mikesell" <les,AT,futuresource,DOT,com>
Date: Fri, 26 Sep 2003 12:04:41 -0500
Cc: "CIPE-list" <cipe-l,AT,inka,DOT,de>
Importance: Normal
In-reply-to: <200309260910.47249.rsmckown@yahoo.com>

> From: Steve McKown

> CIPE's total code size is an order of magnitude smaller than the code size 
> of 
> just the openssl library.  Over the life of a software product, there is a 
> direct correlation between code size and both total defects and maintenance 
> cost (time, effort).

I think you should consider maturity and exposure as well.  Hopefully the
time and effort spent on the larger product eventually result in getting
the bugs fixed and a larger exposure can result in finding the more obscure
ones sooner.

> There are two competing variables: diversity and complexity. 

I'm glad you mentioned diversity - I don't think anyone has brought up
that point yet.   The rash of Microsoft exploits provide a good example
of what happens when exactly the same less-than-perfect code runs
everywhere.

> With crypto apps that rely on different 
> underlying components you increase diversity, create some isolation between 
> those apps in the case of compromises, ... and increase complexity.

The isolation between components is another good point, but I'm not sure
how much difference there would be between cipe and openvpn.  With
ssh based tunnels if there is a bug in the right place you have a
tcp connection to a process running as root.   With cipe (and probably
openvpn) you get to inject an unexpected packet onto the network.  Now
that people are aware of this potential threat they can use other tools
to firewall the interface at the tunnel endpoint.

---
  Les Mikesell
   les,AT,futuresource,DOT,com


<< | Thread Index | >> ]    [ << | Date Index | >> ]