[cap-talk] network level designation and authorization
Sandro Magi
smagi at naasking.homeip.net
Thu Jun 8 09:11:39 EDT 2006
coderman wrote:
> On 6/7/06, David Hopwood <david.nospam.hopwood at blueyonder.co.uk> wrote:
>> ...
>> Not to mention that systems which rely solely on "perimeter defence", i.e.
>> protecting an inside from an outside, are extremely brittle. It often takes
>> only one vulnerability to completely bypass a perimeter defence system.
>
> i suppose this is the first item of business: trashing the concept of
> VPN as perimeter defence.
>
> are those unguessable YURLs so unguessable once broadcast over
> wireless? leaked across a sniffed LAN? people mention SSL here, but i
> would argue SSL (in its traditional form: verisign, thawte, etc) is
> just as broken for this purpose as VPNs used for perimeter defense of
> an unprotected interior.
Agreed, but SSL is used only to prevent snooping (and with httpsy,
enable secure introduction); the web-calculus is not dependent on
certificate authorities, so your analogy doesn't quite hold.
Sandro
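The exchange above turns on one point: an unguessable URL is a bearer capability, so its secrecy in transit is what TLS buys, not the certificate-authority trust that coderman objects to. The sketch below is an added illustration, not code from the thread or from the web-calculus or httpsy projects; it mints a YURL-style URL whose path carries a 128-bit random token and refuses to honour the token unless it arrived over https. The host name, the `/cap/` path prefix, the in-memory issue table and the function names are all assumptions made for the example.

```python
import hmac
import secrets
from typing import Dict, Optional
from urllib.parse import urlsplit

# Hypothetical issue table: token -> resource it designates.
# A real service would persist this; here it is only in memory.
_ISSUED: Dict[str, str] = {}


def mint_capability_url(host: str, resource: str) -> str:
    """Mint an unguessable URL for `resource`.

    The 16 random bytes (128 bits) in the path are the entire authority:
    anyone who knows the string holds the capability, which is why it
    may only ever travel inside an encrypted channel.
    """
    token = secrets.token_urlsafe(16)  # 22 URL-safe characters
    _ISSUED[token] = resource
    return f"https://{host}/cap/{token}"


def resolve_capability(url: str) -> Optional[str]:
    """Return the resource a presented URL designates, or None.

    Two refusals model the thread's two concerns:
      * a non-https scheme is rejected, because a capability URL sent in
        the clear (wireless, sniffed LAN) is already in the sniffer's hands;
      * the token is compared in constant time, so a guesser learns nothing
        from response timing about how many leading characters matched.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return None
    prefix, _, token = parts.path.rpartition("/")
    if prefix != "/cap" or not token:
        return None
    for issued, resource in _ISSUED.items():
        if hmac.compare_digest(issued, token):
            return resource
    return None


if __name__ == "__main__":
    cap = mint_capability_url("example.test", "report-2006-06")  # constructed
    print(cap, "->", resolve_capability(cap))
    print("same token over http ->", resolve_capability(cap.replace("https://", "http://")))
```

Note that nothing in `resolve_capability` consults a certificate authority: the server's identity binding is a separate concern (httpsy carries a key fingerprint in the URL for that purpose), and the check here only enforces that the bearer token was never exposed to a passive listener.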