On Thu, 9 Oct 2003, Peter Gutmann wrote:

> I would add to this the observation that rather than writing yet another SSL
> library to join the eight hundred or so already out there, it might be more
> useful to create a user-friendly management interface to IPsec implementations
> to join the zero or so already out there.  The difficulty in setting up any
> IPsec tunnel is what's been motivating the creation of (often insecure) non-
> IPsec VPN software, so what'd be a lot more helpful than (no offense, but) yet
> another SSL implementation is some means of making IPsec easier to use
> (although that may not be possible... OK, let's say "less painful to use" :-).

Having spent much of the past few weeks trying to sort out a workable VPN
solution, I think this is a good but doomed idea. http://vpn.ebootis.de/
has the best free Windows IPsec configuration tool I've found, but that
doesn't help. Why? Because IPsec traffic is not TCP traffic and therefore
gets dropped by random networks.

If you want a VPN that road warriors can use, you have to do it with
IP-over-TCP. Nothing else survives NAT and aggressive firewalling, not even
Microsoft PPTP.

If someone out there wants to write VPN software that becomes widely used,
then they should make a free IP-over-TCP solution that works on Windows
and Linux which uses password authentication.

Peter Clay                                         | Campaign for   _  _| .__
                                                   | Digital       /  / | |
                                                   | Rights!       \_ \_| |
                                                   | http://www.ukcdr.org

The Cryptography Mailing List