User interface, security, and "simplicity"

Jacob Appelbaum jacob at appelbaum.net
Sun May 4 04:15:43 EDT 2008


Perry E. Metzger wrote:
> pgut001 at cs.auckland.ac.nz (Peter Gutmann) writes:
>>> I am left with the strong suspicion that SSL VPNs are "easier to configure
>>> and use" because a large percentage of their user population simply is not
>>> very sensitive to how much security is actually provided.
>> They're "easier to configure and use" because most users don't want to have to
>> rebuild their entire world around PKI just to set up a tunnel from A to B.
> 
> I'm one of those people who uses OpenVPN instead of IPSEC, and I'm one
> of the people who helped create IPSEC.
> 
> Right now, to use SSH to remotely connect to a machine using public
> keys, all I have to do is type "ssh-keygen" and copy the locally
> generated public key to a remote machine's authorized keys file.
> When there is an IPSEC system that is equally easy to use I'll switch
> to it.
> 
> Until then, OpenVPN let me get started in about five minutes, and the
> fact that it is less than completely secure doesn't matter much to me
> as I'm running SSH under it anyway.
> 

(As a disclaimer, I've hacked a little on Tunnelblick (the Mac OS X GUI)
and I've talked at length with the creator of OpenVPN.)

I'm always curious to hear what designers of protocols actually use on a
daily basis. I'm also really curious how said designers evaluate their
choices.

I really like OpenVPN. It's really smooth to set up, and it's very easy to
use on the Big Three Platforms.

Have you read the source to OpenVPN? Do you think that it's
cryptographically sound? Is it properly implemented?

I've found some stuff I wonder about and I'm curious if anyone else has?

Regards,
Jacob Appelbaum

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


