[cap-talk] network level designation and authorization
Stephen J. Bevan
stephen at dino.dnsalias.com
Sat Jun 10 22:03:49 EDT 2006
Stiegler, Marc D writes:
> You are correct, authenticated and private communication is essential. I
> see VPNs having little to do with that, actually. I have much less
> reason to be confident I am talking to Joe if Joe and I are instant
> messaging over a VPN through a firewall, than if Joe and I are instant
> messaging with, for example the captp-based Echat program that goes peer
> to peer. The reason I am not confident using the vpn is that Alice, who
> is also behind the firewall through which the vpn tunnels, is sniffing
> all our traffic unencrypted. The fun she can have!
Indeed, but why have the VPN terminate on the firewall, instead of on
Joe's PC just like the captp-based Echat program? That is, the VPN
is an IPsec connection between specified ports on specified addresses
on your and Joe's computers. Note I'm not suggesting this is better
than a captp solution, only that I don't think it is worse in the way
you suggest.