On Wed, Mar 03, 2004 at 12:18:32AM +0100, I.R. van Dongen wrote: > Richard Atterer wrote: > >On Tue, Mar 02, 2004 at 10:00:58PM +0100, I.R. van Dongen wrote: > > >You might want to check tinc (http://tinc.nl.linux.org) > > > > > > > > > >I strongly recommend *not* to use tinc. > ><http://www.securityfocus.com/archive/1/249142> illustrates that the > >authors didn't have enough expertise to build a secure tool 2 years ago. > >The problems were still present last autumn, see > ><http://www.mit.edu:8008/bloom-picayune/crypto/14238>. What a track record! > > > >With VPN software, IPSec is the only real option if you want to be certain > >it is secure. > > > Nice, the first article is based on a alpha version (pre-beta) of tinc, > you didn't include the official answer. > > This sounds alot like FUD, are you the author of a compeditive product?
What about the second link? Perhaps you could have pointed us to TINC's reply to Gutmann's (the second link) criticisms rather than simply claiming this is FUD. Unfortunately, I can only point to the google cache of the TINC's response since the machine (nl.linux.org) that hosts TINC's website has been rooted. Anyway, here's the google cache of the response: http://www.google.ca/search?q=cache:tinc.nl.linux.org/security Gutmann's criticisms, slightly expanded over his original posting, can be found here: http://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txt I'm personally in favour of an IPsec VPN using openbsd or linux 2.6. I think an acceptable user-land alternative might be openvpn. I would have to do more investigation of Gutmann's claims before feeling comfortable with the other user-land alternatives: tinc, cipe or vtun. Yours, Luca -- Luca Filipozzi gpgkey 5A827A2D - A149 97BD 188C 7F29 779E 09C1 3573 32C4 5A82 7A2D -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]