Date: Wed, 20 Jun 2001 09:08:26 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.org> To: Brian Somers <brian@Awfulhak.org> Cc: mi@aldan.algebra.com, kris@obsecurity.org, brian@FreeBSD.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/ppp ccp.c ccp.h command.c deflate.c fsm.c fsm.h ip.c mppe.c ppp.8 pred.c Message-ID: <Pine.NEB.3.96L.1010620090756.16449H-100000@fledge.watson.org> In-Reply-To: <200106182236.f5IMaKh18305@hak.lan.Awfulhak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 18 Jun 2001, Brian Somers wrote: > > Security failures can happen in at least two components here: (1) protocol > > design, and (2) implementation of the protocol. Microsoft was clearly > > involved in step (1), and probably heavily influenced step (2) by virtue > > of their own implementation choices. In the past, Microsoft has > > demonstrated their ability to fail in both categories (1) and (2). That > > said, both categories of failures are widespread: the SSH protocol has had > > protocol design failures, and SSH implementations have likewise had > > implementation errors. > > You're making it all sound terribly bleak... :) Yeah, being a security person is depressing :-(. On the other hand, we have endless sources of employment :-). Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1010620090756.16449H-100000>