On Thu, 19 Aug 2004, Kirk Lane wrote:

> Hey everyone - part 2 is up!
>
> http://www.tomsnetworking.com/Reviews-162-ProdID-MONOWALL2.php

I note the "to do" statement:

"Of these host/network grouping, secondary WAN interfaces and backup links, and Certificate Authentication for IPSec VPNs will be the major features."

It should be noted that supporting RSA keys for IPsec even *without* PKI certificates would be useful (and considerably simpler), since it's not only a somewhat more secure keying arrangement, but it also eliminates the identifier restriction with Main Mode.

BTW, anyone using MD5 instead of SHA might want to take note that MD5 has been broken:

http://news.com.com/2100-1002_3-5313655.html

A reduced-round version of SHA-1 has also been broken, but not the full version normally used.

Fred Wright