Re: Attacks on IPsec
From: Mike Amling (nospam_at_nospam.com)
Date: 05/18/05
- Next message: Mike Amling: "Re: perfect security"
- Previous message: Mike Amling: "Re: Public disclosure of discovered vulnerabilities"
- In reply to: Gregory G Rose: "Re: Attacks on IPsec"
- Next in thread: David Wagner: "Re: Attacks on IPsec"
- Reply: David Wagner: "Re: Attacks on IPsec"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 18 May 2005 20:50:22 GMT
Gregory G Rose wrote:
> Oh, yes, if you use ESP, it automatically has
> integrity protection. But it's perfectly allowable
> to negotiate the NULL integrity algorithm.
This is why security software should not be as configurable as the
average committee thinks it should be.
For another example, the choice of encryption algorithm negotiated in
SSL can be None. Admittedly, that option is off by default in the only
browser I've checked (Netscape).
--Mike Amling
- Next message: Mike Amling: "Re: perfect security"
- Previous message: Mike Amling: "Re: Public disclosure of discovered vulnerabilities"
- In reply to: Gregory G Rose: "Re: Attacks on IPsec"
- Next in thread: David Wagner: "Re: Attacks on IPsec"
- Reply: David Wagner: "Re: Attacks on IPsec"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
