[cap-talk] network level designation and authorization
John Carlson
john.carlson3 at sbcglobal.net
Wed Jun 7 23:53:26 EDT 2006
On Jun 7, 2006, at 8:04 PM, coderman wrote:
> are those unguessable YURLs so unguessable once broadcast over
> wireless? leaked across a sniffed LAN? people mention SSL here, but i
> would argue SSL (in its traditional form: verisign, thawte, etc) is
> just as broken for this purpose as VPNs used for perimeter defense of
> an unprotected interior.
I don't think that people are referring to SSL in its traditional form. From what I've seen, they prefer stuff like self-signed certificates... a lot like SSH and GPG.

Automating the building of trust is what's hard.

VPN with a virus/malware sniffer on traffic may be secure for many purposes.

I guess the question becomes, is VPN deployable to everyone you want to communicate with? From what I've seen, maintaining more than one VPN connection to different sites can be problematic... maybe those problems have been solved. I've never used VPN--I don't trust it. I believe you need some kind of POLA system on your machine outside to ensure that the internal network remains safe. Since I download a lot of software, I tend to avoid connection to my company's network. Other people who don't download so much software may feel more secure connecting to a VPN. But what about that Word document you got from a friend? Can you trust that?
John
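The SSH/GPG-style trust the reply alludes to is usually "trust on first use": pin the self-signed key the first time you see it and alarm on any later change. The following added example (mine, not code from the list or either poster) shows that mechanism as a known_hosts-style pin store; the certificate bytes and host names are constructed placeholders, and a real client would feed in the DER certificate presented during the TLS handshake. It also makes the hard part concrete: the first contact is the one check the store cannot make for you, which is exactly the "automating the building of trust" gap the post names.

```python
import hashlib
import json
from typing import Dict

# Constructed stand-ins for the DER bytes of two self-signed certificates
# (assumed values; a real client would use the cert presented in the handshake).
CERT_ALICE_KEY1 = b"CONSTRUCTED-CERT alice.example key-1"
CERT_ALICE_KEY2 = b"CONSTRUCTED-CERT alice.example key-2"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a presented certificate, hex encoded."""
    return hashlib.sha256(cert_der).hexdigest()


class PinStore:
    """Trust-on-first-use store: host -> fingerprint pinned on first contact.

    check() returns one of:
      "new"      first contact; the fingerprint is pinned (the TOFU leap of faith,
                 the only moment a LAN-level substitution would go unnoticed)
      "match"    same key as before; connection may proceed
      "mismatch" key changed; the caller must refuse and alert, never auto-repin
    """

    def __init__(self) -> None:
        self.pins: Dict[str, str] = {}

    def check(self, host: str, cert_der: bytes) -> str:
        fp = fingerprint(cert_der)
        known = self.pins.get(host)
        if known is None:
            self.pins[host] = fp
            return "new"
        if known == fp:
            return "match"
        return "mismatch"

    def dumps(self) -> str:
        """Serialize the pins (a known_hosts-like file) as JSON."""
        return json.dumps(self.pins, sort_keys=True)

    @classmethod
    def loads(cls, data: str) -> "PinStore":
        store = cls()
        store.pins = dict(json.loads(data))
        return store


def demo() -> list:
    """Walk through first contact, a repeat visit, and a changed key."""
    store = PinStore()
    results = [store.check("alice.example", CERT_ALICE_KEY1)]   # "new"
    # Persist and reload, as a client would between sessions.
    store = PinStore.loads(store.dumps())
    results.append(store.check("alice.example", CERT_ALICE_KEY1))  # "match"
    results.append(store.check("alice.example", CERT_ALICE_KEY2))  # "mismatch"
    return results


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that a mismatch is terminal: the store never overwrites a pin, because silently re-pinning would turn a key-substitution on a sniffed LAN into a clean "match" on the next visit. Rotating a legitimately replaced key requires an out-of-band step, which is the manual trust-building the post says has not been automated.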