On Tue, Mar 08, 2005 at 03:01:50PM +0200, Jonathan Ben Avraham wrote: > Hi Erez, > Since OpenVPN is uses OpenSSL for crypto functions, it's security in terms > of man-in-the-middle attacks should be no less than OpenSSL - which is > pretty good.
Actually it should be: Since OpenVPN is uses OpenSSL for crypto functions, it's security in terms of man-in-the-middle attacks should be no *more* than OpenSSL - which is pretty good. I'm not very much familiar with the design of openvpn's design, but the fact that they use secure primitives does not mean that they did not screw-up when combining them. OpenVPN has been around for a number of years and so far no major issues with it have been found. Though it is not as throughly-analyzed as IPSec. It does seem like the free VPN of choice for most of those who don't want to use IPSec (pptp aside). It does seem easier to set-up and traverse NAT. -- Tzafrir Cohen | New signature for new address and | VIM is http://tzafrir.org.il | new homepage | a Mutt's [EMAIL PROTECTED] | | best ICQ# 16849755 | Space reserved for other protocols | friend ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
