Firewall Wizards mailing list archives
Re: General security question
From: Carson Gaspar <carson () taltos org>
Date: Sat, 11 Nov 2000 18:32:05 -0800
--On Saturday, November 11, 2000 12:31 PM -0500 "Marcus J. Ranum" <mjr () nfr com> wrote:
> By the way, as a general rule, a VPN is useless if you don't know anything about the security at the other end. Indeed, the whole notion of doing a secure transaction/data transfer to a site where you don't know anything about the security is kind of dubious.
A _minor_ disagreement. A VPN provides privacy up to the partner's demarc. At that point liability for any breach of privacy is the partner's (either on their net, or because they exposed the keying material). Unauthorized access is also the fault of the partner. This may be sufficient for some applications. It certainly was for certain financial apps at a past employer, as the VPN was to protect the customer's data, not ours. So bad security on their part could only hurt them, and we had cover on the PR and legal fronts. By so doing, we _enabled_ secure transactions, but did not _guarantee_ them.
Of course, in such cases you should never re-use keying material between VPNs, and should create your authentication and authorization limits knowing that the remote end may be compromised.
-- Carson Gaspar -- carson () taltos org
Queen Trapped in a Butch Body
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
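The advice in the reply above, as an added example that is not part of the original post: a small audit over a constructed tunnel inventory that flags keying material shared between partner VPNs and access rules too broad to hold up if the remote end is compromised. The inventory format, partner names, keys, networks and the /24 threshold are all assumptions.

```python
import hashlib
import ipaddress
from collections import defaultdict

# Constructed sample inventory (hypothetical partners, keys and networks).
TUNNELS = [
    {"partner": "partner-a", "psk": "k3y-A-constructed", "allow": ["10.20.1.10/32"]},
    {"partner": "partner-b", "psk": "k3y-B-constructed", "allow": ["10.20.0.0/16"]},
    {"partner": "partner-c", "psk": "k3y-A-constructed", "allow": ["10.20.1.11/32"]},
    {"partner": "partner-d", "psk": "k3y-D-constructed", "allow": ["0.0.0.0/0"]},
]

MIN_PREFIX = 24  # assumption: anything wider than a /24 is too broad for a partner


def reused_keys(tunnels):
    """Group partners by key fingerprint; return the groups that share one key."""
    by_fp = defaultdict(list)
    for t in tunnels:
        # Compare fingerprints so the secret itself never appears in a report.
        fp = hashlib.sha256(t["psk"].encode()).hexdigest()[:12]
        by_fp[fp].append(t["partner"])
    return sorted(sorted(p) for p in by_fp.values() if len(p) > 1)


def overbroad_access(tunnels, min_prefix=MIN_PREFIX):
    """Return (partner, network) pairs whose reachable range is too wide."""
    findings = []
    for t in tunnels:
        for net in t["allow"]:
            n = ipaddress.ip_network(net, strict=False)
            if n.prefixlen < min_prefix:
                findings.append((t["partner"], str(n)))
    return findings


if __name__ == "__main__":
    for group in reused_keys(TUNNELS):
        print("shared keying material:", ", ".join(group))
    for partner, net in overbroad_access(TUNNELS):
        print(f"{partner}: reachable range {net} is wider than /{MIN_PREFIX}")
```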