[14390] in cryptography@c2.net mail archive
Re: Monoculture
daemon@ATHENA.MIT.EDU (Guus Sliepen)
Wed Oct 1 18:13:51 2003
X-Original-To: cryptography@metzdowd.com
Date: Wed, 1 Oct 2003 23:28:00 +0200
From: Guus Sliepen <guus@sliepen.eu.org>
To: cryptography@metzdowd.com
In-Reply-To: <20031001205435.GA3789@rek.tjls.com>
On Wed, Oct 01, 2003 at 04:54:35PM -0400, Thor Lancelot Simon wrote:
> > Uhm, before getting flamed again: by "our own", I don't mean we think we
> > necessarily have to implement something different from all the existing
> > protocols. We just want to understand it so well and want to be so
> > comfortable with it that we can implement it ourselves.
>
> In that case, I don't see why you don't bend your efforts towards
> producing an open-source implementation of TLS that doesn't suck.
We don't want to program another TLS library, we want to create a VPN
daemon.
> If you insist on not using ESP to encapsulate the packets -- which in
> my opinion is a silly restriction to put on yourself; the ESP encapsulation
> is extremely simple, to the point that one of my former employers has a
> fully functional implementation that works well at moderate data rates
> on an 8088 running MS-DOS!
If you read our response, you'd have seen that we plan to make packet
encapsulation in tinc work just like ESP, but optionally allow (parts
of) the IV and HMAC to be omitted.
[...rehash of arguments against doing it yourself...]
We are going to do it ourselves anyway, and maybe (or maybe not) it will
end up as being a simple and clean implementation of one of the
existing, widely peer-reviewed and accepted protocols you mentioned.
-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.eu.org>
---------------------------------------------------------------------
The Cryptography Mailing List