"ISAKMP" flaws?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Nov 17 10:06:43 EST 2005
Florian Weimer <fw at deneb.enyo.de> writes:
>* Perry E. Metzger:
>
>> I haven't been following the IPSec mailing lists of late -- can anyone
>> who knows details explain what the issue is?
>
>These bugs have been uncovered by a PROTOS-style test suite. Such test
>suites can only reveal missing checks for boundary conditions, leading to
>out- of-bounds array accesses and things like that. In other words, trivial
>implementation errors which can be easily avoided using proper programming
>tools.
I feel a need to comment on statements like this... at several times in the
past I've seen people make sweeping generalisation like this, "Everyone knows
about this security weakness, this { paper | article | security alert } isn't
{ novel | interesting | worth publishing }", or some variant thereof (in this
case "these trivial errors are easily avoided").
What makes these statements rather unconvincing is that the majority of all
implementations out there all make these trivial easily-avoided errors (or the
majority of users aren't aware that the well-known problem in the security
alert exists, or whatever). The nicest example I've seen of this was where
the head of a standards working group explained that some obscure feature that
implementors had been getting wrong was so obvious that they'd consciously
omitted putting it in the standard because everyone just magically knew about
it.
In this particular case if the problem is so trivial and easily avoided, why
does almost every implementation (according to the security advisory) get it
wrong?
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list