From: “Perry E. Metzger” <perry@piermont.com>
To: Frank Willoughby <frankw@in.net>
Message Hash: d8202bd9bb6c9d334eb0b93fdc8f3d169f3838b01115a5a49b2f9aee990b7370
Message ID: <199601232221.RAA11184@jekyll.piermont.com>
Reply To: <9601232209.AA29864@su1.in.net>
UTC Datetime: 1996-01-24 00:44:20 UTC
Raw Date: Wed, 24 Jan 1996 08:44:20 +0800
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 24 Jan 1996 08:44:20 +0800
To: Frank Willoughby <frankw@in.net>
Subject: Re: IPSEC == end of firewalls
In-Reply-To: <9601232209.AA29864@su1.in.net>
Message-ID: <199601232221.RAA11184@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain
I won't address the rest of the commentary, but I ought to answer this.
Frank Willoughby writes:
> >> the word "probably" was deliberate. Kerberos was also thought to be
> >> secure - 'til it was compromised.
> >
> >Kerberos was compromised? When? By whom? Are you talking about
> >Bellovin's paper on weaknesses in Kerberos (most of which are
> >avoidable or fixed in K5), or are you talking about a real break? If
> >the latter, it's the first that I've heard of it.
>
> Actually, I was referring to Bellovin's paper.
Bellovin's paper doesn't list real breaks in Kerberos. It notes
problems, which are real but not fatal and have been largely fixed.
> Surely you don't think
> that the bugs that were discovered are the only ones which can be
> exploited and that Kerberos (or any other software product) is invincible?
> I don't.
Look, you clearly made a big claim -- that Kerberos had been
compromised. If you can't back such comments up, don't make such
claims.
.pm