Monoculture

Guus Sliepen guus at sliepen.eu.org
Wed Oct 1 17:28:00 EDT 2003


On Wed, Oct 01, 2003 at 04:54:35PM -0400, Thor Lancelot Simon wrote:

> > Uhm, before getting flamed again: by "our own", I don't mean we think we
> > necessarily have to implement something different from all the existing
> > protocols. We just want to understand it so well and want to be so
> > comfortable with it that we can implement it ourselves.
> 
> In that case, I don't see why you don't bend your efforts towards
> producing an open-source implementation of TLS that doesn't suck.

We don't want to program another TLS library, we want to create a VPN
daemon. 

> If you insist on not using ESP to encapsulate the packets -- which in
> my opinion is a silly restriction to put on yourself; the ESP encapsulation
> is extremely simple, to the point that one of my former employers has a
> fully functional implementation that works well at moderate data rates
> on an 8088 running MS-DOS!

If you read our response, you'd have seen that we plan to make packet
encapsulation in tinc work just like ESP, but optionally allow (parts
of) the IV and HMAC to be omitted.

[...rehash of arguments against doing it yourself...]

We are going to do it ourselves anyway, and maybe (or maybe not) it will
end up as being a simple and clean implementation of one of the
existing, widely peer-reviewed and accepted protocols you mentioned.

-- 
Met vriendelijke groet / with kind regards,
    Guus Sliepen <guus at sliepen.eu.org>