Re: Last Call: Security Architecture for the Internet Protocol to
Steve,
You yourself made the empirical connection between the quantity of code
and likelihood of vulnerability, in your firewall book. I think your
point there was well taken, and easily justified on simple statistical
considerations.
Absolutely. But it's not just code per se, it's code complexity.
Raw ipsec -- especially as one would see in an outboard encryptor --
is comparatively linear. isakmp worries me more, because of the
number of complicated states.