17 Dec
2003
17 Dec
'03
11:17 p.m.
Eric Young writes:
Read the SKIP spec (SKIP is Sun's IP level encryption protocol). It uses Diffle-Hellman certificates.
Photuris, which likely will be the standard way to do this sort of thing on top of IPsec, also suffers from the problem, but I suspect the next version of the draft (number 9) will have it fixed. More interesting is the fact that a number of NSA vetted protocols seem to have the flaw. Obviously, they either didn't know or didn't say anything about it to the folks designing such stuff... Perry