From owner-freebsd-chat Tue Dec 14 20:52:41 1999
Delivered-To: freebsd-chat@freebsd.org
Received: from cypherpunks.ai (cypherpunks.ai [209.88.68.47])
	by hub.freebsd.org (Postfix) with ESMTP id 4811115381
	for ; Tue, 14 Dec 1999 20:52:35 -0800 (PST)
	(envelope-from jeroen@vangelderen.org)
Received: from vangelderen.org (hoefnix.ai [209.88.68.215])
	by cypherpunks.ai (Postfix) with ESMTP id CC44945;
	Wed, 15 Dec 1999 00:52:33 -0400 (AST)
Message-ID: <38571E5C.8D7CBA05@vangelderen.org>
Date: Wed, 15 Dec 1999 00:51:40 -0400
From: "Jeroen C. van Gelderen"
X-Mailer: Mozilla 4.61 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Terry Lambert
Cc: "Jonathan M. Bresler" , ragnar@sysabend.org, brett@lariat.org, dscheidt@enteract.com, noslenj@swbell.net, chat@FreeBSD.ORG
Subject: Re: dual 400 -> dual 600 worth it?
References: <199912150159.SAA16770@usr08.primenet.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Terry Lambert wrote:
> > > Now if only IKE/ISAKMP weren't based on clipper chip technology..

It's sad to see someone like you issue such a FUDish statement.
IKE may have its problems but this has nothing to do with its
'Clipper heritage'.

> Read the December 1999 ";login:" magazine from Usenix, and see
> the article:
>
>	IKE/ISAKMP considered harmful
>	William Allen Simpson
>
> I quote from the first paragraph following the abstract:
>
>	The Internet Security Association and Key Management
>	Protocol (ISAKMP) [RFC-2408] framework was originally
>	developed by the United States National Security
>	Agency (NSA) with an ASN.1 syntax from the initial
>	Fortezza (used in the nefarious clipper chip). The
>	Internet Key Exchange (IKE) [RFC-2409] is a session-key
>	exchange mechanism that fits alongside Fortezza under
>	its own "Domain of Interpretation" (DOI).
>
> He goes on to state that it has "egregious fundamental design
> flaws", and states that he was administratively prevented from
> publishing the information in the IETF until after publication
> of IKE/ISAKMP.

This reinforces my comments above. And if you quote the *relevant*
sections of the document it will become even clearer...

> It's interesting that OpenBSD has implemented IKE/ISAKMP already.

What are you trying to say?

Cheers,
Jeroen
--
Jeroen C. van Gelderen - jeroen@vangelderen.org
Interesting read: http://www.vcnet.com/bms/ JLF