Hello Denis,
    I would be inclined to treat the protocol skeptically.
Bruce's review just plain scares me. However, looking at the
date on the press release
(http://www.counterpane.com/pptp-pressrel.html) and the date on a
security patch
(http://www.microsoft.com/TechNet/security/bulletin/ms98-012.asp)
dealing with the PPTP protocol, I assume they "fix the problems
identified" (as quoted by the bulletin) with the patch. I am by
no mean a cryptographic expert, and I also admit was unaware of
the patch until now.

Derek

----- Original Message -----
From: "Denis Darveau" <ddarveaugbbk.com>
To: "'Derek'" <derekmrogers.com>
Sent: Tuesday, April 09, 2002 5:40 PM
Subject: Microsoft PPTP (Was: Internet Services Manager)

> Derek,
>
> Can you tell me if that applies to W2K as well or only NT 4 as
mentioned in
> the paper? I am in the process of a large VPN implementation
using the MS
> PPTP client that comes by default with W2K Pro. I am concerned.
>
> Thanks, Denis
>
> Denis Darveau, CISSP, MCSE
> Senior Security Engineer

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]