On Wed, Mar 03, 2004 at 12:18:32AM +0100, I.R. van Dongen wrote:
> Richard Atterer wrote:
> >On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote:
> > >You might want to check tinc (http://tinc.nl.linux.org)
> > >
> > >
> >
> >I strongly recommend *not* to use tinc.
> ><http://www.securityfocus.com/archive/1/249142> illustrates that the
> >authors didn't have enough expertise to build a secure tool 2 years ago.
> >The problems were still present last autumn, see
> ><http://www.mit.edu:8008/bloom-picayune/crypto/14238>. What a track record!
> >
> >With VPN software, IPSec is the only real option if you want to be certain
> >it is secure.
> >
> Nice, the first article is based on an alpha version (pre-beta) of tinc,
> you didn't include the official answer.
>
> This sounds a lot like FUD, are you the author of a competitive product?

What about the second link? Perhaps you could have pointed us to TINC's
reply to Gutmann's (the second link) criticisms rather than simply
claiming this is FUD.

Unfortunately, I can only point to the google cache of TINC's
response since the machine (nl.linux.org) that hosts TINC's website has
been rooted. Anyway, here's the google cache of the response:
http://www.google.ca/search?q=cache:tinc.nl.linux.org/security

Gutmann's criticisms, slightly expanded over his original posting, can
be found here:
http://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txt

I'm personally in favour of an IPsec VPN using openbsd or linux 2.6. I
think an acceptable user-land alternative might be openvpn. I would
have to do more investigation of Gutmann's claims before feeling
comfortable with the other user-land alternatives: tinc, cipe or vtun.

Yours,
Luca
--
Luca Filipozzi
gpgkey 5A827A2D - A149 97BD 188C 7F29 779E 09C1 3573 32C4 5A82 7A2D
Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/