[ previous ] [ next ] [ threads ]
 
 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Tom's hardware MonoWall
 Date:  Thu, 19 Aug 2004 18:26:32 -0700 (PDT)
On Thu, 19 Aug 2004, Kirk Lane wrote:

> Hey everyone - part 2 is up!
> 
> http://www.tomsnetworking.com/Reviews-162-ProdID-MONOWALL2.php

I note the "to do" staement:

"Of these host/network grouping, secondary WAN interfaces and backup
links, and Certificate Authentication for IPSec VPNs will be the major
features."

It should be noted that supporting RSA keys for IPsec even *without* PKI
certificates would be useful (and considerably simpler), since it's not
only a somewhat more secure keying arrangement, but it also eliminates the
identifier restriction with Main Mode.


BTW, anyone using MD5 instead of SHA might want to take note that MD5 has
been broken:

	http://news.com.com/2100-1002_3-5313655.html

A reduced-round version of SHA-1 has also been broken, but not the full
version normally used.

					Fred Wright