Firewall Wizards mailing list archives
PPTP viability (was RE: Gauntlet & NTLM)
From: Philip Cox <pcc () llnl gov>
Date: Tue, 14 Oct 1997 18:45:20 -0700
At 08:50 AM 10/14/97 -0400, Marcus J. Ranum wrote:
Ah! That's an interesting situation. Does anyone actually *implement* the PPP RFCs for security? I know that there are all kinds of useful things in the RFC but I don't think, for example, that my W95 PPP stack supports encryption.
It is my understanding that when you add the PPTP patch to W95, then PPP encryption (along with other things) becomes "supported". An aside. I have a situation in which I am seriously considering using PPTP because it is availible today*. This would be in a sensitive and possibly classified environment. The desire is to have mutual authentication of client and server, along with traffic encryption. I have an off the shelf app which is a client-server model, and I don't (can't) modify the app for say SSL support. I would be interested in any current WORKING implementations of network layer (host network layer that is, not encrypting routers) or transport layer (no app mods needed) secure communications. I have been trying to think if some, but am drawing a blank, except PPTP. I would like comments on two specific points: 1. Is PPTP a viable option for sensitive or possibly classified level encryption? 2. If PPTP is not, what are the other options. ( I can think of 2, encrypting routers, or code mods to support SSL) Phil * As opposed to L2TP or IPSEC for out of the box support
[A general class of security problems occurs when one layer rests on another and the lower layer's security properties have not yet been implemented or contain flaws. I can imagine an un-funny situation in which PPTP doesn't do encryption and authentication because that's PPP's problem, and PPP doesn't do encryption because that's IPSEC's problem, and IPSEC isn't available.] mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- Gauntlet & NTLM Richard Trott (Oct 13)
- <Possible follow-ups>
- RE: Gauntlet & NTLM Linwood Ferguson (Oct 13)
- RE: Gauntlet & NTLM Craig Brozefsky (Oct 13)
- RE: Gauntlet & NTLM Ge' Weijers (Oct 13)
- RE: Gauntlet & NTLM Craig Brozefsky (Oct 13)
- RE: Gauntlet & NTLM Aleph One (Oct 14)
- RE: Gauntlet & NTLM Marcus J. Ranum (Oct 14)
- RE: Gauntlet & NTLM Ge' Weijers (Oct 14)
- RE: Gauntlet & NTLM Magossa'nyi A'rpa'd (Oct 15)
- PPTP viability (was RE: Gauntlet & NTLM) Philip Cox (Oct 15)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Adam Shostack (Oct 15)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Ge' Weijers (Oct 15)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Craig Brozefsky (Oct 15)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Jyri Kaljundi (Oct 17)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Kent Crispin (Oct 21)
- RE: Gauntlet & NTLM Craig Brozefsky (Oct 13)
- RE: Gauntlet & NTLM Ge' Weijers (Oct 14)
- Re: Gauntlet & NTLM (PPTP weekness) Chris Boscolo (Oct 15)
- Re: Gauntlet & NTLM (PPTP weekness) Ge' Weijers (Oct 15)
- RE: Gauntlet & NTLM Aleph One (Oct 13)