Re: IKE/ISAKMP considered harmful



Du Jinsong wrote:
> 
> Hi, take a look at this article at:
> http://www.screaming-penguin.com/main.php3?storyid=782
> or the text I attached
> 
> It seems now that luckily OpenBSD implemented both IKE and Photuris.
> Actually I am curious about why OpenBSD chose to implement both of them.
>
Because in OpenBSD, Photuris was implemented first.  IKE/ISAKMP is the 
US NSA defined protocol, and nobody outside the US trusted it.  Heck, a 
lot of us _in_ the US didn't trust it.

We all owe a vote of thanks to Angelos Keromytis and Niels Provos for 
their security implementation efforts!

But, they are both US graduate students now, and Photuris implementation 
has slowed down a lot.  They could use more help from free citizens....


> Wow, thorough indeed. Check the USENIX pages for responses and
> appendices. (Note, you must be a SAGE or USENIX member to gain full
> access.)

WSimpson@UMich.edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32