[Ach] OpenVPN and ACH

L. Aaron Kaplan aaron at lo-res.org
Thu Feb 19 16:55:40 CET 2015

On Feb 19, 2015, at 4:53 PM, Alexander Wuerstlein <arw at cs.fau.de> wrote:

> On 2015-02-19T16:26, Aaron Zauner <azet at azet.org> wrote:
>> Hi,
>> L. Aaron Kaplan wrote:
>>> No, I disagree. Not mentioning OpenVPN and the issues you are seeing 
>>> makes the guide *weaker* than having it in there with *clear* warnings.
>>> Why? Because people will use OpenVPN *anyway*.
>>> No matter if you remove the OpenVPN section or not.
>>> Better to have a clear message on this.
>> [...]
>> I do see OpenVPN as a security concern, and have for quite some time.
>> There are better alternatives [...]
> There are better alternatives to OpenVPN? I'm currently unaware of any
> usable OpenSource software that would do the same (i.e. routed VPN via
> plain TCP or UDP connections).


Please enlighten us, azet, in case you know something so widely deployed, superior in daily operations and compatible and flexible.

I guess we should simply document what shortcomings we see right now and, whenever there is a new version of OpenVPN which is better from the bettercrypto standpoing, update the document again.

My 2 pragmatic cents,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20150219/de5ea4ed/attachment.sig>

More information about the Ach mailing list