[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Windows 2000 and Cicsco router interoperability
Reply sent to ipsra list since that's where this discussion belongs.
"CHINNA N.R. PELLACURU" wrote:
>
> "minimal" "necessary" "sufficient" by whose standards? By standards of the
> current non-existant remote user population? If they are unnecessary from
> a remote access point of view then why are they in that standard?
>
> The point I am trying to make is that what is "sufficient" today, may not
> be so tommorow, and thus needs constant hacking of IKE.
>
> On Wed, 24 May 2000, Scott G. Kelly wrote:
>
> > Glen Zorn wrote:
> >
> > <trimmed...>
> >
> > > Henry Spencer wrote:
> > >
> > > > Granted, if security isn't important to the customer, their security is
> > > > likely to be weak. But careful design by specifiers and suppliers can
> > > > have a big effect on *how* weak it is, both by avoiding gratuitous holes
> > > > and by influencing customer behavior in the right direction. Such
> > > > measures can considerably improve the odds that a cracker will pick on
> > > > somebody else. (Flu vaccination will not guarantee that you don't get the
> > > > flu, but it considerably improves the odds of getting only a mild case.)
> > >
> > > To continue your medical analogy (though I'm not sure how appropriate it
> > > is), if flu shots were as painful as rabies treatment, how many people would
> > > just take their chances w/the flu? My point here is that the entire purpose
> > > of xuth/mode config/etc. seems to be to create precisely the functionality
> > > already present in PPP (and by extension, L2TP).
> > >
> >
> > Actually, I think the entire point of the various user auth proposals
> > are to create the minimal necessary and sufficient *subset* of the
> > functionality present in ppp and l2tp in order to enable secure remote
> > access.
> >
> > Scott
> >
>
> chinna narasimha reddy pellacuru
> s/w engineer
References: