Slashdot Mirror


Flaw Found in VPN Crypto Security

peeon writes "CNET reports the British National Infrastructure Security Coordination Centre has discovered a flaw in the IPSEC protocol. From the article: 'The flaw, which the NISCC rates as "high" risk, makes it possible for an attacker to intercept IP packets traveling between two IPsec devices. They could then modify the encapsulation security payload--a subprotocol that encrypts the data being transported.'"

1 of 106 comments

  1. Re:end-to-end by tomstdenis · · Score: 0, Troll

    No, I think well thoroughly documented [no less than 900 pages] of gibberish on every-step-of-the-way-from-start-to-end-encryption-and-authentication ... is much better.

    Simple people. Challenge response + salts + cipher + MAC == much simpler and likely more secure.

    If you wanna have fun, look at 802.16e; it's like 950 pages and specifies dozens of encode methods for the data [e.g. FSK, BFSK, QAM] ...

    So it has 16 modes to transmit it... let's see what the hardware will do... oh right THE BARE ASS MINIMUM!

    So why don't these smart and overly intelligent folks on standards committees just specify ONLY the minimum and let people have their own extensions? E.g.

    Broadcom 802.16 + Broadcom-super-plus

    and

    Linksys 802.16 + Linksys-max!

    [or whatever]...

    At the very least they have 802.16 at the base so the two products can talk... and if their amendments are good you turn it into a new standard [not one huge godforsaken, hard to read and remember 950 page behemoth].

    Of course that's just my opinion and I'm right.

    Tom

    --
    Someday, I'll have a real sig.