
Re: Last Call: Security Architecture for the Internet Protocol to



	 Steve,
	 
	 You yourself made the empirical connection between the quantity of code
	 and likelihood of vulnerability, in your firewall book.  I think your
	 point there was well taken, and easily justified on simple statistical
	 considerations.

Absolutely.  But it's not just code per se, it's code complexity.
Raw ipsec -- especially as one would see in an outboard encryptor --
is comparatively linear.  isakmp worries me more, because of the
number of complicated states.