Date: Wed, 15 Dec 1999 00:51:40 -0400
From: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>
To: Terry Lambert <tlambert@primenet.com>
Cc: "Jonathan M. Bresler" <jmb@hub.freebsd.org>, ragnar@sysabend.org, brett@lariat.org, dscheidt@enteract.com, noslenj@swbell.net, chat@FreeBSD.ORG
Subject: Re: dual 400 -> dual 600 worth it?
Message-ID: <38571E5C.8D7CBA05@vangelderen.org>
References: <199912150159.SAA16770@usr08.primenet.com>

Terry Lambert wrote:
> > > Now if only IKE/ISAKMP weren't based on clipper chip technology..

It's sad to see someone like you issue such a FUDish statement.
IKE may have its problems but this has nothing to do with its
'Clipper heritage'.

> Read the December 1999 ";login:" magazine from Usenix, and see
> the article:
>
>     IKE/ISAKMP considered harmful
>     William Allen Simpson
>
> I quote from the first paragraph following the abstract:
>
>     The Internet Security Association and Key Management
>     Protocol (ISAKMP) [RFC-2408] framework was originally
>     developed by the United States National Security
>     Agency (NSA) with an ASN.1 syntax from the initial
>     Fortezza (used in the nefarious clipper chip). The
>     Internet Key Exchange (IKE) [RFC-2409] is a session-key
>     exchange mechanism that fits alongside Fortezza under
>     its own "Domain of Interpretation" (DOI).
>
> He goes on to state that it has "egregious fundamental design
> flaws", and states that he was administratively prevented from
> publishing the information in the IETF until after publication
> of IKE/ISAKMP. This reinforces my comments above.

And if you quote the *relevant* sections of the document it will
become even clearer...

> It's interesting that OpenBSD has implemented IKE/ISAKMP already.

What are you trying to say?

Cheers,
Jeroen
--
Jeroen C. van Gelderen - jeroen@vangelderen.org
Interesting read: http://www.vcnet.com/bms/ JLF