Perry E. Metzger wrote:
It is obvious to anyone using modern IPSec implementations that their
configuration files are a major source of pain. In spite of this, the
designers don't seem to see any problem. The result has been that
people see IPSec as unpleasant and write things like OpenVPN when the
underlying IPSec protocol is just fine and it is the implementations
that are unpleasant.
Kerckhoffs' 6th, providing great entertainment for the
security world, since 1883.
=====================
6. Finally, it is necessary, given the circumstances that
command its application, that the system be easy to use,
requiring neither mental strain nor the knowledge of a long
series of rules to observe.
=====================
iang
PS: Although his 6th is arguably the most important, his
others are well worth considering:
https://www.financialcryptography.com/mt/archives/000195.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
