On Tuesday 25 October 2011, Jason Grout wrote:
> On 10/25/11 10:40 AM, Martin Albrecht wrote:
> > Jason asked me off list to jump in because I work in crypto. Btw, I
> > actually don't work in network security so I am not really an expert on
> > the matter. But for what it's worth, I have never heard of the protocol.
> >
> > I took a quick look at the website and there are serious people behind
> > the tcpcrypt (on the "about us" website).
> >
> > However, from the website it seems, tcpcrypt doesn't guarantee privacy in
> > the default setting except against passive attackers, i.e. those which
> > can only listen but not control traffic on the network. But if there is
> > a shared secret such as a password, it can optionally use
> > authentication.
>
> Thanks for weighing in. I was thinking of your SSL vulnerability paper
> [1] when I thought of your name connected with current network security
> protocols.

SSH :)

> I'll file tcpcrypt in my "interesting; let's see where it goes" list.

I asked a colleague and it seems the general consensus is that the
design is solid. They also had a USENIX paper, which would also imply a
certain quality. However, you'll have to decide whether the "opportunistic
encryption" is sufficient for you or check how hard it is to integrate it
into the authentication mechanisms already in place.

Cheers,
Martin

--
name: Martin Albrecht
_pgp: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8EF0DC99
_otr: 47F43D1A 5D68C36F 468BAEBA 640E8856 D7951CCF
_www: http://martinralbrecht.wordpress.com/
_jab: martinralbre...@jabber.ccc.de