From owner-cvs-all  Wed Jun 20  6: 9:15 2001
Delivered-To: cvs-all@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4E76637B403; Wed, 20 Jun 2001 06:09:08 -0700 (PDT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.3/8.11.3) with SMTP id f5KD8Qf16686;
	Wed, 20 Jun 2001 09:08:27 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Wed, 20 Jun 2001 09:08:26 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.org>
X-Sender: robert@fledge.watson.org
To: Brian Somers <brian@Awfulhak.org>
Cc: mi@aldan.algebra.com, kris@obsecurity.org, brian@FreeBSD.org,
	cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/ppp ccp.c ccp.h command.c deflate.c fsm.c fsm.h ip.c mppe.c ppp.8 pred.c 
In-Reply-To: <200106182236.f5IMaKh18305@hak.lan.Awfulhak.org>
Message-ID: <Pine.NEB.3.96L.1010620090756.16449H-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

On Mon, 18 Jun 2001, Brian Somers wrote:

> > Security failures can happen in at least two components here: (1) protocol
> > design, and (2) implementation of the protocol.  Microsoft was clearly
> > involved in step (1), and probably heavily influenced step (2) by virtue
> > of their own implementation choices.  In the past, Microsoft has
> > demonstrated their ability to fail in both categories (1) and (2).  That
> > said, both categories of failures are widespread: the SSH protocol has had
> > protocol design failures, and SSH implementations have likewise had
> > implementation errors.
> 
> You're making it all sound terribly bleak... :)

Yeah, being a security person is depressing :-(.

On the other hand, we have endless sources of employment :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message