Re: Setting up VPN's

To: Debian-Security <debian-security@lists.debian.org>
Subject: Re: Setting up VPN's
From: Jamie Lawrence <jal@jal.org>
Date: Fri, 16 May 2003 13:04:10 -0500
Message-id: <20030516180410.GY4093@jal.clueinc.net>
Mail-followup-to: Debian-Security <debian-security@lists.debian.org>
In-reply-to: <20030516161622.GB23935@unblinking-eye.lcs.mit.edu>
References: <20030516153401.GA23935@unblinking-eye.lcs.mit.edu> <Pine.LNX.4.44.0305161737150.25953-100000@capitanata.ca.astro.it> <20030516161622.GB23935@unblinking-eye.lcs.mit.edu>

On Fri, 16 May 2003, Noah Meyerhans wrote:

> I don't think it's possible to *need* opportunistic encryption.  By its
> very nature it's unreliable.  You have no guarantee that you've got an
> IPsec session with a given host, so you really can't rely on
> opportunistic encryption to provide you with any security.

Very true.

The point of opportunistic encryption is to increase the use of IPsec
net-wide. The general idea being that, if two random hosts can, they
should without manual intervention. I think this is a great goal, in
the general sense, much like opportunistic compression to save
bandwidth, as seen in such things as mod_gzip for Apache.

-j

-- 
Jamie Lawrence                                        jal@jal.org
Give a man a match, and he'll be warm for a minute, but set him on 
fire, and he'll be warm for the rest of his life.

Reply to:

References:
- Re: Setting up VPN's
  - From: Noah Meyerhans <noahm@debian.org>
- Re: Setting up VPN's
  - From: Giacomo Mulas <gmulas@ca.astro.it>
- Re: Setting up VPN's
  - From: Noah Meyerhans <noahm@debian.org>

Prev by Date: Re: Could sudo be an security issue?
Next by Date: /etc/hosts on a router
Previous by thread: Re: Setting up VPN's
Next by thread: Re: Setting up VPN's
Index(es):
- Date
- Thread