> If anyone has a reference ... Not a reference, but some history —
Microsoft’s point-to-point tunneling protocol version 1.0 was a miserable failure. Version 2.0 closed up many of those holes and was widely regarded as secure, except for a configuration option which was on by default: “Enable backwards compatibility.” So to exploit a PPTP 2.0 connection, you just had to connect and give it a 1.0 handshake, at which point it would fall back into an insecure mode. The protocol was secure: you just had to configure it correctly. The server was correctly implemented. It’s just that it was shipped in a completely broken state, most system administrators didn’t know it and/or didn’t check it, and as a result it was pretty much useless. A secure protocol must be used correctly in order to provide communications security. Too often people completely lose sight of that and don’t even introduce it into their discussions. So — discuss. If you use ssh and trust it, how do you know that you’re using it correctly? How do you know the people who connect to your system are? Etc.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
