Skip to content

Remove all mentions of PPTP #4

yuvadm opened this Issue Oct 8, 2012 · 5 comments

4 participants

CryptoParty member
yuvadm commented Oct 8, 2012

Per remove all mentions of PPTP as it as an unsecure protocol.

CryptoParty member

IMHO removing ALL references may be an error. Maybe leave a notice saying that it is an unsecure protocol?


Presumably this cos of the MS-CHAPv2 single DES break?

If so then it may be worth while mentioning that PEAP-MSCHAPv2 has the same problem with securing wireless networks, tho admittadly thats slightly drifting off topic from what i understand the point of the book to be.

CryptoParty member

Just to explain a bit more about this issue, this is the relevant blog post:

ioerror commented Oct 9, 2012

Please remove PPTP other than a warning of why not to use it and how to evaluate a VPN provider that offers it. If such a provider offers say, OpenVPN, IPSEC with certs and PPTP, the other solutions may be fine but that they offer it is probably a bad sign.

@yuvadm yuvadm was assigned Oct 9, 2012
@pettter pettter added a commit to pettter/handbook that referenced this issue Oct 15, 2012
@pettter pettter Clarify mentions of PPTP to discourage its use (solves issue #4) 5ffe8fa
@yuvadm yuvadm closed this Oct 15, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.