
Re: Last Call: Security Architecture for the Internet Protocol to



	 
	 On Fri, 27 Mar 1998, Scott G. Kelly wrote:
	 > 
	 > IPSEC as currently spec'd is SSSSEEEECCCCUUURRRREEE.
	 > 
	 
	   Has this been established?  It seems doubtful in view of
	   (i) its complexity, and (ii) its explicit support for gateways
	   and "trusted networks".
	 
	   Let's construct a set of ten targets and award a cash prize to the
	   first ten hackers to break three of them.

The weaknesses that have been found thus far -- and the ones I fear in
IKE -- have been in the cryptographic protocols.  I've never yet seen
a hacker attack one of those -- it's an arcane skill, and difficult
for even the best cryptographers.

However -- cryptography is not equivalent to security.  An ipsec channel
between a hacker and, say, an old version of sendmail will not protect
you.

