"ISAKMP" flaws?
Steven M. Bellovin
smb at cs.columbia.edu
Tue Nov 15 11:01:02 EST 2005
In message <8764qut02o.fsf at snark.piermont.com>, "Perry E. Metzger" writes:
>
>Some articles have been appearing in various web sites about flaws in
>IPSec key negotiation protocols, such as this one:
>
>http://news.com.com/VPN+flaw+threatens+Internet+traffic/2100-1002_3-5951916.ht
>ml
>
>I haven't been following the IPSec mailing lists of late -- can anyone
>who knows details explain what the issue is?
Broadly speaking, they're implementation bugs. The folks at University
of Oulu are doing what developers around the world and across the
industry should have been doing: they're writing test case generators
that stress parsers. So far, they've been extremely successful against
IKEv1, ASN.1, SNMP, and more. This should surprise no one and depress
everyone.
http://www.ee.oulu.fi/research/ouspg/protos/index.html is the home page
for this project.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list