"ISAKMP" flaws?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Nov 18 22:31:58 EST 2005
William Allen Simpson <wsimpson at greendragon.com> writes:

>So, where is the community to replace ISAKMP with something more robust?

Already happened, unfortunately it's diverged into three different branches:

- VPN hardware vendors replaced it with "management tunnels", typically things
  like single-DES-encrypted backdoors with no message integrity or message
  flow integrity protection and 8-character uppercase-only passwords.

- Open source folks replaced it with OpenVPN.

- The remaining user base replaced it with on-demand access to network
  engineers who come in and set up their hardware and/or software for them and
  hand-carry the keys from one endpoint to the other.

I guess that's one key management model that the designers never
anticipated... I wonder what a good name for this would be, something better
than the obvious "sneakernet keying"?

Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com