Message-ID: <20051125232924.GB3809@melpomene.jschipper.dynalias.net>
Date: Fri Nov 25 23:29:37 2005
From: j.schipper at math.uu.nl (Joachim Schipper)
Subject: IPsecurity theater

On Fri, Nov 25, 2005 at 12:55:39PM -0800, coderman wrote:
> Check Point, Cisco, Juniper, * now know that one open port is too
> many. ISAKMP is a 0day slut.
>
> details on fully out of band key management desired; a virtual private
> network SHOULD not process / accept any packet that is not authentic
> and private.
>
> in ipsec esp/transport//require ah/transport//require;
>
> ---
>
> why do all key daemons suck?

While I'm not too sure what you mean, doesn't manual keying solve this
problem?

Joachim