From owner-cvs-all  Mon Jun 18 12:17:11 2001
Delivered-To: cvs-all@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP
	id 342C837B406; Mon, 18 Jun 2001 12:17:06 -0700 (PDT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.3/8.11.3) with SMTP id f5IJGVf90639;
	Mon, 18 Jun 2001 15:16:31 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Mon, 18 Jun 2001 15:16:31 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.org>
X-Sender: robert@fledge.watson.org
To: mi@aldan.algebra.com
Cc: kris@obsecurity.org, brian@FreeBSD.org,
	cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/ppp ccp.c ccp.h command.c deflate.c fsm.c         fsm.h ip.c mppe.c ppp.8 pred.c
In-Reply-To: <200106181644.f5IGig097507@misha.privatelabs.com>
Message-ID: <Pine.NEB.3.96L.1010618151428.88082H-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG


On Mon, 18 Jun 2001 mi@aldan.algebra.com wrote:

> > Only if you trust microsoft not to have screwed up the crypto, like
> > they usually do with their protocols. 
> 
> Well, I'm only planning to use the FreeBSD implementation of the
> protocol, which, was done from scratch and audited. Or was it not?

Security failures can happen in at least two components here: (1) protocol
design, and (2) implementation of the protocol.  Microsoft was clearly
involved in step (1), and probably heavily influenced step (2) by virtue
of their own implementation choices.  In the past, Microsoft has
demonstrated their ability to fail in both categories (1) and (2).  That
said, both categories of failures are widespread: the SSH protocol has had
protocol design failures, and SSH implementations have likewise had
implementation errors.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message