Firewall Wizards mailing list archives

RE: PPTP viability (was RE: Gauntlet & NTLM)


From: Phil Cox <pcc () llnl gov>
Date: Thu, 16 Oct 1997 08:38:06 -0700

I have received a good number of responses, and I think that I need to make
some clarifications as well.

Clarifications:
1. When I said "classified", this is a POSSIBLE future need, and not
mandatory for the current implementation. I believe that it would be needed
in about a year to a year and a half. The way this industry is flying, that
is a long time, and some maturity should be there for PPTP.

2. This will be US based, so I assumed 128 bit, although I should have
stated it implicitly.

3. The network this will be running on for the proof of concept is an
isolated network, BUT the desire is for it to run over an intranet with
other business data.

4. They want to use NT.

5. The desire is to use as much off the shelf software as possible, as code
time and resources are limited.

6. The people who must maintain this will not be coders, so commercial
support is a plus.

Input so far:

1. PPTP 40-bit (MPPE) is NOT truly adequate for any level of serious
encryption needs.
2. PPTP 128-bit (MPPE) is still flawed. (though no one has given any solid
evidence to this, except to allude to the M$ track record, and current PPTP
40-bit problems)
3. Use SKIP. (There is no NT client/server)
4. Use Hannah. (Big $$, and hard to justify since it is not truly classified)
5. Use Safe Passage. (This is looking the best, due to $, if #2 is bad)
6. Add strong encryption yourself. (This may be possible, but #5 in
clarifications comes into play)

I am still not counting PPTP 128-bit out, but there was a mention of
performance, does anyone have a pointer to the performance issues? I thought
I saw a thread on this list dealing with that.

Phil

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Computer Incident Advisory Capability (CIAC)    Philip C. Cox
(510)422-8193                                   (510)422-8564
ciac () llnl gov                                   pcc () llnl gov
-------------------------------------------------------------------
PGP Fingerprint : F76C F6B8 E2D4 7796 119A  6263 89A9 3714 E646 93CC


