
No Subject



with SMTP id QAA00201; Thu, 15 Jul 1999 16:26:27 -0500 (CDT)
Posted-Date: Thu, 15 Jul 1999 16:26:27 -0500 (CDT)
Message-Id: <4.1.19990715161920.00a04930@mail.visi.com>
X-Sender: schneier@mail.visi.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 
Date: Thu, 15 Jul 1999 16:20:37 -0500
To: Dennis Glatting <dennis.glatting@software-munitions.com>, jerome@psti.com
From: Bruce Schneier <schneier@counterpane.com>
Subject: Re: your mail
Cc: ipsec@lists.tislabs.com
In-Reply-To: <Pine.BSF.4.10.9907151152110.65455-100000@btw.plaintalk.bel
 levue.wa.us>
References: <19990715120554.A3699@jerome.psti.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

At 12:08 PM 7/15/99 -0700, Dennis Glatting wrote:
>From an enterprise management perspective upgrading is a non-trivial
>process, a costly process, and cannot happen in a timely manner
>thereby leaving the enterprise vulnerable. 
>
>In my cases, I have to first determine if the exploit has significant
>impact for my users. I have to convince management teams it is a
>significant issue. I have to come up with a plan and budget to upgrade
>devices. I have to locate and allocate sufficient expertise across my
>distributed enterprises and coordinate their efforts. I have to wait
>until my vendors revise their products. I have to cycle through my
>remote users' equipment. And, if previous experience is an indication
>of future events, upgrade devices themselves, such as revving the OS,
>adding memory, and increasing processor power.
>
>It would be much easier and cost effective simply to change my policy
>engine (i.e., switch to cipher b).

This still makes no sense to me.  There are so many things to worry about
wrt an IPSec implementation, so many things that can compromise security
if they are not done correctly, that making sure there is a backup to
triple-DES seems like a colossal waste of time.  It's like putting a mile-high
stake in the ground and hoping the enemy runs right into it, instead of
trying to build a wall.

Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
           Free crypto newsletter.  See:  http://www.counterpane.com