[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Last Call: Security Architecture for the Internet Protocol to
On Fri, 27 Mar 1998, Scott G. Kelly wrote:
>
> IPSEC as currently spec'd is SSSSEEEECCCCUUURRRREEE.
>
Has this been established? It seems doubtful in view of
(i) its complexity, and (ii) its explicit support for gateways
and "trusted networks".
Lets construct a set of ten targets and award a cash prize to the
first ten hackers to break three of them.
The weaknesses that have been found thus far -- and the ones I fear in
IKE -- have been in the cryptographic protocols. I've never yet seen
a hacker attack one of those -- it's an arcane skill, and difficult
for even the best cryptographers.
However -- cryptography is not equivalent to security. An ipsec channel
between a hacker and, say, an old version of sendmail will not protect
you.
Follow-Ups: