Re: How IKE is sometimes (mis-)used in the real world.



On Fri, 12 Dec 2003, Thor Lancelot Simon wrote:
> Ultimately, I'd call the lessons of this silliness twofold:
> 1) Configuration *really matters*...

When I started working with the FreeS/WAN project, upper management made a
big point that there should (ideally) be *no way* to misconfigure the
software to give a false appearance of security:  communications should
fail, or be obviously insecure, or be truly and thoroughly secure.  The
more I worked with the project, and dealt with real-user problems, the
more strongly I agreed with this. 

Yes, misconfiguration is "pilot error"... but many cases of pilot error
are really due, at least in part, to error-prone interfaces which make it
too easy for tired, stressed people to make lethal mistakes.  Engineering
the failure modes out is much more effective than exhorting people to make
fewer mistakes. 

                                                          Henry Spencer
                                                       henry@spsystems.net