-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "Dries" == Dries Schellekens <gwyllion@ulyssis.org> writes:
    >> On Tue, Nov 15, 2005 at 01:37:04PM +0100, Dries Schellekens
    >> wrote:
    >> 
    >>> OpenBSD has audited their IKE parsing code early 2004 and thus
    >>> is not vunerable:
    >>> http://marc.theaimsgroup.com/?l=openbsd-misc&m=113199092403670&w=2
    >> Is this merely their claim, or do they pass the test suite?

    Dries> Sigh. The answer is in the URL above ;(

    Dries> "I just tested our isakmpd(8) implementation against the
    Dries> PROTOS test suite.  No problems were detected.  ...  I also
    Dries> ran the PROTOS suite against tcpdump -vvv and saw no
    Dries> problems." (dixit Chad Loder)

  btw, you have to set up a PSK for the PROTOS suite to be useful.
  I suspect that a number of people did not do that. We also were able
to get the PROTOS suite to core dump....

  So, running against tcpdump is not that interesting, since it can not
effectively ever be aware of the shared key. (IKEv2 will make that
better)

- -- 
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


  
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBQ34Py4CLcPvd0N1lAQKQCQf/Y3o6yEbkAaUEpKJ8QgRGEGVGXrMea5sw
iPLe5hHr5P+8SmkSn4b1bKUAc9R9ilJN1kGlhzyKkpxJHQ3wJKkV/mjworl1YSpH
bLOf2MKcocU3+978ZOYMJn8qvAynM/zZBxaJxsY+RiOfev3+CWEPTpmPE9hmJgby
+bdQMPqCbWkTofXBYFE4SpjN98fA67+lf9+7oAkaVs4Ovmxu2A7tCHf52TWLn7l5
jILui9i4wb6smZpi9f4qtW4UuYLRWqY/i7JMWvQd4xD74iKu0nFBhxpzwE3zQFXp
c5WCX8P9iA5T2W2QyDcjKGRy5wTDA1j6/jP3yvytv+vcc0lHngKUYA==
=8dOP
-----END PGP SIGNATURE-----