Vulnerability Development mailing list archives
Re: IPSec research
From: dugsong () MONKEY ORG (Dug Song)
Date: Sat, 25 Mar 2000 00:29:22 -0500
On Fri, 24 Mar 2000, Bep Verberk wrote:
Surely, there must be some inherent flaws ? What about the need for a trusted key exchange system ? Is that vulnerable ?
IPsec is yet another standard designed by committee. it doesn't have egregiously bad holes (thankfully, steve bellovin caught most of those), but there are significant problems beyond its over-engineering and general cruftiness. see Bruce Schneier's excellent analysis of IPsec (tunnel vs. transport mode, AH and ESP modes, etc.): http://www.counterpane.com/ipsec.html and Bill Simpson's dire assessment of IKE (there's a good reason OpenBSD offers Photuris as an alternative): http://www.usenix.org/publications/login/1999-12/features/harmful.html -d. --- http://www.monkey.org/~dugsong/
Current thread:
- Linux Mandrake 6.1 PAM/userhelper exploit, (continued)
- Linux Mandrake 6.1 PAM/userhelper exploit Paulo Ribeiro (Mar 16)
- AIM 3.0 Buffer Overflow exploit lewkir () YAHOO COM (Mar 17)
- Re: AIM 3.0 Buffer Overflow exploit Jamal Hendershot (Mar 19)
- Re: AIM 3.0 Buffer Overflow exploit - - (Mar 21)
- Re: spoofing the ethernet address Arnold, Jamie (Mar 15)
- Re: spoofing the ethernet address James A. Robbins (Mar 15)
- Re: spoofing the ethernet address Pierre Landau (Mar 21)
- Re: spoofing the ethernet address Ex Machina (Mar 22)
- Re: spoofing the ethernet address (license managers) Eric Sherrill (Mar 24)
- IPSec research Bep Verberk (Mar 24)
- Re: IPSec research Dug Song (Mar 24)
- Re: IPSec research Mike Hudack (Mar 25)
- Re: IPSec research potential problem areas. Patrick Denton (Mar 25)
- Re: spoofing the ethernet address Ex Machina (Mar 22)