Thursday May 12, 2005 Bill Sommerfeld's Weblog
Still Under Construction. Watch for falling objects
Thursday May 12, 2005
Old News (encryption without integrity protection may not yield confidentiality) As one of Sun's IPsec developers, I've been getting queries regarding a recent advisory from a UK agency regarding common mistakes made when configuring IPsec-based VPN tunnels. This advisory has gotten some press coverage, but isn't really news.
I first heard about it from Steve Bellovin at the IETF meeting in
Danvers, Massachusetts over 10 years ago; he subsequently published "Problem Areas for the IP Security Protocols" describing this flaw.
And, if you try to set this up using Solaris's IPsec, you get warned:
# ifconfig ip.tun0 plumb encr_algs aes
ifconfig: WARNING - tunnel with only ESP and potentially no authentication.
I hope other vendors will add similar warnings now..
(2005-05-12 14:46:24.0)
Permalink
Comments [1]
Calendar
| « May 2005 » | ||||||
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | 5 | 6 | 7 |
8 | 9 | 10 | 13 | 14 | ||
15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 | ||||
| Today | ||||||
RSS Feeds
All
/General
/IETF
/IPsec
/Music
/OpenSolaris
/Solaris
Search
Links
- Team IPsec
- Bill Sommerfeld
- Dan McDonald