Subject: Re: widespread IKE bugs
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Michael Richardson <mcr@marajade.sandelman.ca>
List: tech-security
Date: 11/18/2005 12:29:08
>>>>> "Steven" == Steven M Bellovin <smb@cs.columbia.edu> writes:
Steven> many different implementations of IKE. OpenSWAN is one of
Steven> the affected code bases. Does anyone know if NetBSD or KAME
To be clear: provided that you knew a PSK, and the receiver had enabled
aggressive mode, you were able to cause an assertion failure.

We were contacted by NISCC about this in advance, but the NDA-like
document that they wanted us to sign meant that we basically couldn't
have committed any fixes to our public tree, and they could extend the
blackout date essentially forever without consultation.

I.e., unworkable to us.
--
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [