[18949] in cryptography@c2.net mail archive
Re: "ISAKMP" flaws?
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Tue Nov 15 14:08:31 2005
X-Original-To: cryptography@metzdowd.com
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: cryptography@metzdowd.com
In-Reply-To: Your message of "Tue, 15 Nov 2005 10:14:39 EST."
<8764qut02o.fsf@snark.piermont.com>
Date: Tue, 15 Nov 2005 11:01:02 -0500
In message <8764qut02o.fsf@snark.piermont.com>, "Perry E. Metzger" writes:
>
>Some articles have been appearing in various web sites about flaws in
>IPSec key negotiation protocols, such as this one:
>
>http://news.com.com/VPN+flaw+threatens+Internet+traffic/2100-1002_3-5951916.html
>
>I haven't been following the IPSec mailing lists of late -- can anyone
>who knows details explain what the issue is?

Broadly speaking, they're implementation bugs. The folks at University
of Oulu are doing what developers around the world and across the
industry should have been doing: they're writing test case generators
that stress parsers. So far, they've been extremely successful against
IKEv1, ASN.1, SNMP, and more. This should surprise no one and depress
everyone.

http://www.ee.oulu.fi/research/ouspg/protos/index.html is the home page
for this project.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
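
The kind of parser-stressing test case generator the message describes, as an added example that is not part of the original post or of the PROTOS suite: a strict walker for the ISAKMP payload chain (header layout per RFC 2408) with a small deterministic mutator run against it. The function names, the constructed sample message and the chosen boundary values are assumptions for illustration.

```python
import struct

HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 fixed header (28 bytes); last field is total length
GEN = struct.Struct("!BBH")         # generic payload header: next payload, reserved, length

class ParseError(ValueError): pass  # the only exception parse_isakmp may raise on bad input

def parse_isakmp(data):
    """Walk the payload chain; return [(payload_type, body), ...] or raise ParseError."""
    if len(data) < HDR.size:
        raise ParseError("short header")
    _, _, nxt, _, _, _, _, total = HDR.unpack_from(data)
    if total != len(data):
        raise ParseError("header length does not match datagram size")
    off, out = HDR.size, []
    while nxt != 0:
        if off + GEN.size > total:
            raise ParseError("payload header runs past end of message")
        following, _, plen = GEN.unpack_from(data, off)  # plen counts its own 4-byte header
        if plen < GEN.size or off + plen > total:  # a smaller plen would stall the walk
            raise ParseError("bad payload length")
        out.append((nxt, data[off + GEN.size:off + plen]))
        nxt, off = following, off + plen
    if off != total:
        raise ParseError("trailing bytes after last payload")
    return out

def build_sample():
    """Constructed message: SA (1) and Vendor ID (13) payloads with dummy bodies."""
    body = GEN.pack(13, 0, 12) + b"\x00" * 8 + GEN.pack(0, 0, 7) + b"abc"
    return HDR.pack(b"I" * 8, b"\x00" * 8, 1, 0x10, 2, 0, 0, HDR.size + len(body)) + body

def mutations(msg):
    """Test cases: every truncation, then boundary values written over every 16-bit window."""
    yield from (msg[:cut] for cut in range(len(msg)))
    for off in range(len(msg) - 1):
        for val in (0, 1, 3, 0x7FFF, 0xFFFF):
            yield msg[:off] + struct.pack("!H", val) + msg[off + 2:]

def run_harness():
    """Feed every case to the parser; any exception other than ParseError propagates as a bug."""
    accepted = rejected = 0
    for case in mutations(build_sample()):
        try:
            parse_isakmp(case)
            accepted += 1
        except ParseError:
            rejected += 1
    return accepted, rejected
```

A parser that passes this harness has shown only that these 277 cases end in a clean accept or a `ParseError`; against a C implementation the same cases would be run under a memory-error detector and a timeout.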