Date: Wed, 15 Dec 1999 01:59:00 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: jmb@hub.freebsd.org (Jonathan M. Bresler)
Cc: tlambert@primenet.com, ragnar@sysabend.org, brett@lariat.org, dscheidt@enteract.com, noslenj@swbell.net, chat@FreeBSD.ORG
Subject: Re: dual 400 -> dual 600 worth it?
Message-ID: <199912150159.SAA16770@usr08.primenet.com>
In-Reply-To: <19991214203024.E1BBC14CC3@hub.freebsd.org> from "Jonathan M. Bresler" at Dec 14, 99 12:30:24 pm

> > Now if only IKE/ISAKMP weren't based on clipper chip technology...
> >
> ???? certain chip vendors' chips may be based upon or
> include clipper chip (do you know of any?).
>
> IKE/ISAKMP is not based upon clipper. the leaf fields, the
> key escrow and all the rest of it are not part of IKE/ISAKMP. this
> statement is based upon reading the RFCs, IPSec by naganand doraswamy
> and dan harkins. surely you are not suggesting that KAME has
> implemented a software version of clipper chip technology in their
> code.

Read the December 1999 ";login:" magazine from Usenix, and see the
article:

    IKE/ISAKMP considered harmful
    William Allen Simpson

I quote from the first paragraph following the abstract:

    The Internet Security Association and Key Management Protocol
    (ISAKMP) [RFC-2408] framework was originally developed by the
    United States National Security Agency (NSA) with an ASN.1
    syntax from the initial Fortezza (used in the nefarious clipper
    chip). The Internet Key Exchange (IKE) [RFC-2409] is a
    session-key exchange mechanism that fits alongside Fortezza
    under its own "Domain of Interpretation" (DOI).

He goes on to state that it has "egregious fundamental design flaws",
and states that he was administratively prevented from publishing
the information in the IETF until after publication of IKE/ISAKMP.

It's interesting that OpenBSD has implemented IKE/ISAKMP already.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.