Ian G
Sun, 04 May 2008 16:57:22 -0700
Perry E. Metzger wrote:
It is obvious to anyone using modern IPSec implementations that their configuration files are a major source of pain. In spite of this, the designers don't seem to see any problem. The result has been that people see IPSec as unpleasant and write things like OpenVPN when the underlying IPSec protocol is just fine and it is the implementations that are unpleasant.
Kerckhoffs' 6th, providing great entertainment for the security world, since 1883.
=====================6. Finally, it is necessary, given the circumstances that command its application, that the system be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.
===================== iangPS: Although his 6th is arguably the most important, his others are well worth considering:
https://www.financialcryptography.com/mt/archives/000195.html --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]