From owner-cvs-all  Mon Jun 18 15:38:38 2001
Delivered-To: cvs-all@freebsd.org
Received: from Awfulhak.org (gw.Awfulhak.org [217.204.245.18])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9A50737B401; Mon, 18 Jun 2001 15:38:29 -0700 (PDT)
	(envelope-from brian@Awfulhak.org)
Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [172.16.0.12])
	by Awfulhak.org (8.11.4/8.11.4) with ESMTP id f5IMaLF16557;
	Mon, 18 Jun 2001 23:36:21 +0100 (BST)
	(envelope-from brian@lan.Awfulhak.org)
Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1])
	by hak.lan.Awfulhak.org (8.11.4/8.11.4) with ESMTP id f5IMaKh18305;
	Mon, 18 Jun 2001 23:36:20 +0100 (BST)
	(envelope-from brian@hak.lan.Awfulhak.org)
Message-Id: <200106182236.f5IMaKh18305@hak.lan.Awfulhak.org>
X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4
To: Robert Watson <rwatson@FreeBSD.org>
Cc: mi@aldan.algebra.com, kris@obsecurity.org, brian@FreeBSD.org,
	cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@Awfulhak.org
Subject: Re: cvs commit: src/usr.sbin/ppp ccp.c ccp.h command.c deflate.c fsm.c fsm.h ip.c mppe.c ppp.8 pred.c 
In-Reply-To: Message from Robert Watson <rwatson@FreeBSD.org> 
   of "Mon, 18 Jun 2001 15:16:31 EDT." <Pine.NEB.3.96L.1010618151428.88082H-100000@fledge.watson.org> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 18 Jun 2001 23:36:20 +0100
From: Brian Somers <brian@Awfulhak.org>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

> 
> On Mon, 18 Jun 2001 mi@aldan.algebra.com wrote:
> 
> > > Only if you trust microsoft not to have screwed up the crypto, like
> > > they usually do with their protocols. 
> > 
> > Well, I'm only planning to use the FreeBSD implementation of the
> > protocol, which, was done from scratch and audited. Or was it not?
> 
> Security failures can happen in at least two components here: (1) protocol
> design, and (2) implementation of the protocol.  Microsoft was clearly
> involved in step (1), and probably heavily influenced step (2) by virtue
> of their own implementation choices.  In the past, Microsoft has
> demonstrated their ability to fail in both categories (1) and (2).  That
> said, both categories of failures are widespread: the SSH protocol has had
> protocol design failures, and SSH implementations have likewise had
> implementation errors.

You're making it all sound terribly bleak... :)

> Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
> robert@fledge.watson.org      NAI Labs, Safeport Network Services

-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>                   <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message