[18981] in cryptography@c2.net mail archive
Re: "ISAKMP" flaws?
daemon@ATHENA.MIT.EDU (Florian Weimer)
Fri Nov 18 15:33:25 2005
X-Original-To: cryptography@metzdowd.com
From: Florian Weimer <fw@deneb.enyo.de>
To: pgut001@cs.auckland.ac.nz (Peter Gutmann)
Cc: perry@piermont.com, cryptography@metzdowd.com
Date: Fri, 18 Nov 2005 10:58:14 +0100
In-Reply-To: <E1EclLX-0004gN-00@medusa01.cs.auckland.ac.nz> (Peter Gutmann's
message of "Fri, 18 Nov 2005 04:06:43 +1300")
* Peter Gutmann:
>>> I haven't been following the IPSec mailing lists of late -- can anyone
>>> who knows details explain what the issue is?
>>
>>These bugs have been uncovered by a PROTOS-style test suite. Such test
>>suites can only reveal missing checks for boundary conditions, leading to
>>out-of-bounds array accesses and things like that. In other words, trivial
>>implementation errors which can be easily avoided using proper programming
>>tools.
>
> I feel a need to comment on statements like this... at several times
> in the past I've seen people make sweeping generalisations like this,
> "Everyone knows about this security weakness, this { paper | article
> | security alert } isn't { novel | interesting | worth publishing }",
Touché.
> or some variant thereof (in this case "these trivial errors are
> easily avoided").
Of course, the relevance of a bug and how easily it could have been
avoided are completely different matters. I mainly wanted to point
out that there is no new cryptography involved.
> What makes these statements rather unconvincing is that the majority
> of all implementations out there all make these trivial
> easily-avoided errors
They have chosen different trade-offs, focusing on performance,
time-to-market and things like that. It's hard enough to create an
ISAKMP implementation that works at all.
> In this particular case if the problem is so trivial and easily
> avoided, why does almost every implementation (according to the
> security advisory) get it wrong?
How many completely independent implementations are there?
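
The bug class discussed in this thread (missing boundary checks on length fields, leading to out-of-bounds accesses) can be illustrated with a bounds-checked walk over an ISAKMP payload chain. This is an added example, not part of the original message and not code from any implementation mentioned in the advisory; it assumes the RFC 2408 layout (28-byte fixed header, 4-byte generic payload header) and a cleartext message, and the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ISAKMP_HDR_LEN  28u /* fixed header (RFC 2408) */
#define GENERIC_HDR_LEN 4u  /* next payload, reserved, 16-bit length */

/* Walk the payload chain of one cleartext message in buf[0..len).
 * Returns the payload count, or -1 if any length field disagrees
 * with the bytes actually received. (Hypothetical helper.) */
int isakmp_count_payloads(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < ISAKMP_HDR_LEN) return -1;  /* truncated header */
    uint32_t msg_len = ((uint32_t)buf[24] << 24) | ((uint32_t)buf[25] << 16) |
                       ((uint32_t)buf[26] << 8) | buf[27];
    if (msg_len < ISAKMP_HDR_LEN || msg_len > len) return -1; /* claims too much */
    uint8_t next = buf[16];          /* type of the first payload */
    size_t off = ISAKMP_HDR_LEN;     /* invariant: off <= msg_len */
    int count = 0;
    while (next != 0) {
        if (msg_len - off < GENERIC_HDR_LEN) return -1;  /* no room for header */
        size_t plen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        /* plen < 4 would never advance (endless loop); too large would overrun */
        if (plen < GENERIC_HDR_LEN || plen > msg_len - off) return -1;
        next = buf[off];
        off += plen;
        count++;
    }
    return off == msg_len ? count : -1;  /* strict choice: no trailing bytes */
}

/* Constructed sample message: fixed header plus two payloads, 40 bytes. */
static const uint8_t sample_msg[40] = {
    1, 2, 3, 4, 5, 6, 7, 8, 0, 0, 0, 0, 0, 0, 0, 0, /* cookies */
    1, 0x10, 2, 0, 0, 0, 0, 0, 0, 0, 0, 40, /* next, ver, xchg, flags, id, len */
    13, 0, 0, 8, 0xAA, 0xBB, 0xCC, 0xDD,    /* payload 1: 8 bytes */
    0, 0, 0, 4                              /* payload 2: last, header only */
};

/* Copy the sample, overwrite payload 1's length field, and parse it. */
int count_with_first_len(uint16_t plen) {
    uint8_t m[sizeof sample_msg];
    memcpy(m, sample_msg, sizeof m);
    m[30] = (uint8_t)(plen >> 8);
    m[31] = (uint8_t)(plen & 0xff);
    return isakmp_count_payloads(m, sizeof m);
}

int main(void) {
    printf("valid=%d zero=%d oversize=%d\n", count_with_first_len(8),
           count_with_first_len(0), count_with_first_len(0xFFFF));
    return 0;
}
```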