On Thu, 1 May 2008, zooko wrote:
I would think that it also helps if a company publishes the source
code and complete verification tools for their chips, such as Sun has
done with the Ultrasparc T2 under the GPL.
To be sure that implementation does not contain back-doors, one needs
not only
Steven M. Bellovin wrote:
On Sat, 03 May 2008 17:00:48 -0400
Perry E. Metzger [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] (Peter Gutmann) writes:
I am left with the strong suspicion that SSL VPNs are easier to
configure and use because a large percentage of their user
population simply is not
On Sat, 2008-05-03 at 23:35 +, Steven M. Bellovin wrote:
There's a technical/philosophical issue lurking here. We tried to
solve it in IPsec; not only do I think we didn't succeed, I'm not at
all clear we could or should have succeeded.
IPsec operates at layer 3, where there are
Jacob Appelbaum [EMAIL PROTECTED] writes:
Perry E. Metzger wrote:
Until then, OpenVPN let me get started in about five minutes, and the
fact that it is less than completely secure doesn't matter much to me
as I'm running SSH under it anyway.
[...]
I'm always curious to hear what designers of
A group member asked me to elaborate on:
- No knowledge of which groups can be successfully authenticated is
known to the verifier
What this tries to say is that the verifier doesn't need to have a list of
all authenticable groups nor can the verifier draw any conclusions about
other
On Sun, 4 May 2008, Scott Guthery wrote:
One useful application of the Katz/Sahai/Waters work is a counter to traffic
analysis. One can send the same message to everyone but ensure that only a
defined subset can read the message by proper key management. What is less
clear is how to ensure
On Sat, May 03, 2008 at 07:50:01PM -0400, Perry E. Metzger wrote:
Steven M. Bellovin [EMAIL PROTECTED] writes:
There's a technical/philosophical issue lurking here. We tried to
solve it in IPsec; not only do I think we didn't succeed, I'm not at
all clear we could or should have
Perry E. Metzger wrote:
It is obvious to anyone using modern IPSec implementations that their
configuration files are a major source of pain. In spite of this, the
designers don't seem to see any problem. The result has been that
people see IPSec as unpleasant and write things like OpenVPN when
To be sure that implementation does not contain back-doors, one needs
not only some source code but also a proof that the source code one
has is the source of the implementation.
Nonsense. Total nonsense. A half-decent reverse engineer does not
need the source code and can easily determine
Thor Lancelot Simon [EMAIL PROTECTED] writes:
On Sat, May 03, 2008 at 07:50:01PM -0400, Perry E. Metzger wrote:
I disagree. Fundamentally, OpenVPN isn't doing anything IPSEC couldn't
do, and yet is is fairly easy to configure.
And yet there's no underlying technical reason why it is any
Marcos el Ruptor [EMAIL PROTECTED] writes:
To be sure that implementation does not contain back-doors, one needs
not only some source code but also a proof that the source code one
has is the source of the implementation.
Nonsense. Total nonsense. A half-decent reverse engineer does not
11 matches
Mail list logo