On Tue, Mar 08, 2005 at 03:01:50PM +0200, Jonathan Ben Avraham wrote:
> Hi Erez,
> Since OpenVPN is uses OpenSSL for crypto functions, it's security in terms 
> of man-in-the-middle attacks should be no less than OpenSSL - which is 
> pretty good.

Actually it should be:

Since OpenVPN is uses OpenSSL for crypto functions, it's security in terms 
of man-in-the-middle attacks should be no *more* than OpenSSL - which is 
pretty good.

I'm not very much familiar with the design of openvpn's design, but the
fact that they use secure primitives does not mean that they did not
screw-up when combining them. 

OpenVPN has been around for a number of years and so far no major issues
with it have been found. Though it is not as throughly-analyzed as IPSec. 
It does seem like the free VPN of choice for most of those who don't want 
to use IPSec (pptp aside). It does seem easier to set-up and traverse NAT.

-- 
Tzafrir Cohen         | New signature for new address and  |  VIM is
http://tzafrir.org.il | new homepage                       | a Mutt's  
[EMAIL PROTECTED] |                                    |  best
ICQ# 16849755         | Space reserved for other protocols | friend

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]

Reply via email to