Date: Fri, 29 May 1998 17:11:37 -0400 (EDT)
From: woods@zeus.leitch.com (Greg A. Woods)
To: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Tunneling
Message-ID: <199805292111.RAA14302@brain.zeus.leitch.com>
In-Reply-To: Philippe Regnauld's message of "Fri, May 29, 1998 17:39:09 +0200" regarding "Re: FreeBSD Tunneling" id <19980529173909.62558@deepo.prosa.dk>
References: <01bd8afd$5fdb2bc0$8a8266ce@violet.eznets.canton.oh.us> <Pine.BSF.3.95.980529083731.12234B-100000@orion.webspan.net> <19980529173909.62558@deepo.prosa.dk>
[ On Fri, May 29, 1998 at 17:39:09 (+0200), Philippe Regnauld wrote: ]
> Subject: Re: FreeBSD Tunneling
>
> Regarding interoperability:
>
> http://www.rsa.com/rsa/SWAN/swan_test.htm

The most interesting and curious thing revealed to even an outsider by the interoperability reports presented on this page is that ISAKMP/Oakley just doesn't seem to interoperate. (Although I'm sure it must be a mistake, the table even claims that major ISAKMP products don't interoperate with each other....) Given what I've seen of the complexity, I've no doubt why early implementations don't interoperate either.

SKIP, on the other hand, is apparently widely available, and reasonably widely interoperable. There are at least two or three SKIP implementations not mentioned in the table that I know interoperate with at least Sun's PC SKIP client, and of course with themselves.

One thing I have learned about IPSec in my recent wanderings is that I've never seen anything so error-prone to create and manage and as difficult to prove correct as "security associations". What a brain-dead concept. At any significant degree of complexity you'd have to live with a network sniffer plugged into your brain for weeks before you could give any reasonable degree of assurance that your network was still safe and secure.

Is anyone out there writing tools (e.g. filters for NFR) that will prove that a given VPN configuration is what it is supposed to be?

-- 
Greg A. Woods

+1 416 443-1734 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805292111.RAA14302>