
Re: Bruce Schneier on IPsec



On Wed, 19 Jan 100, Mr. Anderson wrote:
> 
> 
> As painful as it may seem to the WG.  The WG would be
> well advised to objectively consider Bruce's comments.
> 
Despite what you may think, I believe we are doing just that. It's not even
painful. Considering opposing points of view is exactly what a working group
is all about, despite what the authors of the paper think of the IETF
process.

What I find galling is that the authors could have been part of the working
group all this time, when in fact they weren't. To then come at the group
after all these years and nitpick it to death is not appropriate.

Especially considering that a lot of what they point out has already been
discussed, and, in some cases, rejected. Not many of the points made are, in
fact, new, or unknown to the working group. And as far as I understood them,
none of the attacks are either possible (SA proposal attack) or relevant
(manual keyed IPsec example/attack).

And it is my humble opinion, that the authors don't fully understand the
protocol, nor indeed some of the special challenges of networking, i.e.
proposing to combine the 5th and 6th MM messages into one fails to realize
that this will leave the last message going in the wrong direction, i.e.
will cause similar problems as the last QM message going in the wrong
direction (lack of ACK, so to speak).

That's not to say that there aren't valid points or valid food for thought
(which I'm sure the working group will consider).  Merely that the forum the
authors picked is inappropriate, and smacks of hidden agenda, and not of
"cryptographic analysis".

jan


> > By the way:  The paper has in fact two authors, Niels Ferguson and
> > Bruce Schneier.  
> > 
> > 	Joshua 
> > 
> > --
> > 	Joshua D. Guttman		<guttman@mitre.org> 
> > 	MITRE, Mail Stop A150 
> > 	202 Burlington Rd.		Tel:	+1 781 271 2654
> > 	Bedford, MA 01730-1420 USA	Fax:	+1 781 271 3816
> > 
> 
> 

 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847


