[Cryptography] IKE/ISAKMP/IPsec complexity by design
William Allen Simpson
william.allen.simpson at gmail.com
Mon Sep 10 08:09:38 EDT 2018
On 9/9/18 12:17 PM, Randy Bush wrote:
> ipsec implementations are sooooo compatible that someone wrote a
> compiler to deal with the complex and disasterous mess.
>
> https://mice.cs.columbia.edu/getTechreport.php?techreportID=1433
>
Some of us remember that somebody from Boston with a 4-character
surname was known to be communicating with "Other Agency" to
prevent publication of IETF security protocols. And providing the
FBI with information to investigate those of us promoting IETF
security protocols.
Some of us remember that the person (from Boston with a 4-character
surname) who took over the IPsec editor role didn't actually write
his own drafts, and refused to disclose who was writing them.
Has anybody already written an academic (or otherwise) critique of
the complexity of IKE/ISAKMP/IPsec, resulting in difficulty to
implement and deploy?
More information about the cryptography
mailing list