Vulnerability Development mailing list archives

Re: IPSec research


From: mhudack () EUGENE KASHPUREFF ORG (Mike Hudack)
Date: Sat, 25 Mar 2000 11:09:24 -0500


In general, IPSEC seems to be the "be all end all" of encrypted network
traffic.  Unfortunately, there are difficulties.

My company's working on a product which was originally going to use IPSEC
- we ran across several problems, however.

IPSEC, although having been around for a while, seems to be relatively
untested and has several flaws - authentication and handshaking seem to
be the biggest problems we came across, but not the only ones.

In general I feel better recommending other tunneling protocols; we moved
over to a modified SSH implementation.

Good luck,

Mike Hudack
Chief Scientist: Knowledge Propulsion Laboratory
203.838.7129
mhudack () kplab com

On Fri, 24 Mar 2000, Bep Verberk wrote:

I'm trying to locate some research/documents/papers discussing the use
of IPSec to provide enhanced security. Aside from the obvious
performance hit, people seem to be talking like this is the "silver
bullet" for security over IP.

Surely, there must be some inherent flaws?
What about the need for a trusted key exchange system? Is that
vulnerable?

Perhaps a good idea in theory will fall apart due to bad
implementations, riddled with buffer overflow exploits and DOS
vulnerabilities??

Any thoughts, ideas, pointers ?

Cheers.


