PPP Encryption ?(was old thread Gauntlet & NTLM)

[Phil Cox <pcc () llnl gov>]

I have been asking on the ntsecurity mailing list about PPTP
(specifically), and the encryption portion. I read the spec, which refered
to PPP for the encryption portion. I then read the PPP RFC, and saw NO
reference to encryption, only compression. I receive the following
responses, and it is only muddying the water :

> From ntsecurity:

AFAIK PPTP uses MPPE and there is some weird use of the compression field. 

> From the past mail thread on wizards:

The draft does not mention encryption because the encryption is not
PPTP-specific. PPTP tunnels PPP frames, and PPP has its own ways to
do encryption. MPPE is a non-standard one, but others can be added.
Single DES is standardized, for instance. There's also an RFC that
explains how to add proprietary schemes.

The current RFCs for PPP encryption are somewhat limited, you get DES
and triple DES. That's about it. 


SO my question (statement) is:

PPTP draft points to PPP for the encryption support. The PPP RFC does NOT
address encryption. There are other RFC's (i.e. MPPE) which use the PPP
compression field to support encryption over PPP links.

Please someone correct any problems with the above statement.

TIA,

Phil Cox


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Computer Incident Advisory Capability (CIAC)    Philip C. Cox
(510)422-8193                                   (510)422-8564
ciac () llnl gov                                   pcc () llnl gov
-------------------------------------------------------------------
PGP Fingerprint : F76C F6B8 E2D4 7796 119A  6263 89A9 3714 E646 93CC