
Re: Windows 2000 and Cisco router interoperability



"minimal" "necessary" "sufficient" by whose standards? By standards of the
current non-existent remote user population? If they are unnecessary from
a remote access point of view then why are they in that standard?

The point I am trying to make is that what is "sufficient" today may not
be so tomorrow, and thus needs constant hacking of IKE.


On Wed, 24 May 2000, Scott G. Kelly wrote:

> Glen Zorn wrote:
> 
> <trimmed...> 
> 
> > Henry Spencer wrote:
> >
> > > Granted, if security isn't important to the customer, their security is
> > > likely to be weak.  But careful design by specifiers and suppliers can
> > > have a big effect on *how* weak it is, both by avoiding gratuitous holes
> > > and by influencing customer behavior in the right direction.  Such
> > > measures can considerably improve the odds that a cracker will pick on
> > > somebody else.  (Flu vaccination will not guarantee that you don't get the
> > > flu, but it considerably improves the odds of getting only a mild case.)
> > 
> > To continue your medical analogy (though I'm not sure how appropriate it
> > is), if flu shots were as painful as rabies treatment, how many people would
> > just take their chances w/the flu?  My point here is that the entire purpose
> > of xauth/mode config/etc. seems to be to create precisely the functionality
> > already present in PPP (and by extension, L2TP).
> > 
> 
> Actually, I think the entire point of the various user auth proposals
> is to create the minimal necessary and sufficient *subset* of the
> functionality present in ppp and l2tp in order to enable secure remote
> access.
> 
> Scott
> 

chinna narasimha reddy pellacuru
s/w engineer


