[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: swIPe available for FTP.



Apart from problems with the architecture, there are three serious
flaws in the implementation.

One, of course, is the lack of key management.  That's known and admitted.
Indeed, swIPe is a good vehicle for experimenting with it.

The second problem is the lack of filtering on input.  That is, you
may have a key -- which guarantees authenticity -- between you and
some host Foo.  But no check is made to ensure that packets from Foo
are properly encrypted.  This means that you can't trust a received
packet; you only know that genuine packets haven't been tampered with.

Third, there is no notice to the higher levels -- TCP or the application --
of the security status of the received packet.  This makes it difficult
to build a secure application on top of swIPe.

swIPe isn't useless, by any means.  But a lot more work is needed to
make it really useful.