[Cryptography] IKE/ISAKMP/IPsec complexity by design

Florian Weimer fw at deneb.enyo.de
Wed Oct 3 16:57:00 EDT 2018

* Paul Wouters:

> Your critique would be weak. A simpler yet still overly complicated
> protocol like TLS has now been broken like 3 times or more. Not to
> mention it has only seen serious PFS deployment for just a few meagre
> years, whereas IKE/IPsec has done PFS for decades. IKE/IPsec might be
> an old work horse, but it is _still_ getting the job done securely.

I have yet to see a large-scale IPsec deployment where users cannot
attack each other by impersonating the gateway.

Of course, that's not the fault of the IPsec protocol as standardized
by the IETF because the IETF refused to cover that use case.  But if
the protocol does not match user requirements and users start looking
for dodgy alternatives, that should tell us something about the
protocol, too.

More information about the cryptography mailing list