top | item 13982764

(no title)

analogist | 9 years ago

I think a recurrent concern is OpenVPN's reliance on TLS, and its codebase complexity as a result of being built on OpenSSL--but with far less attention and resources and vuln hunting compared to say, actual browsers. Complexity + lack of auditing person-hours is never a good combo. (See https://twitter.com/tqbf/status/806646188158152705)

Matt Green's audit of OpenVPN, when completed, may lead to more light on the matter. Otherwise, we're just relying on informed intuitions.

discuss

bitexploder|9 years ago

Except all the shenanigans with IPSEC.

https://en.m.wikipedia.org/wiki/IPsec#Alleged_NSA_interferen...

As a "security people" I think me and tptacek could split a great number of hairs and get not too far on this one, but I am open to new info. I know a lot can hide in the complexity of OpenSSL. Maybe the whole thing with IPSEC was to sway us toward OpenVPN likes. Regardless, I still lean slightly towards OpenVPN

But honestly I am out to defeat ad networks. I only aspire to give nation states indigestion (at a mass scale). Individually if a well funded adversary wants any one of us I think they have us.