Firewall Wizards mailing list archives
RE: PPTP viability (was RE: Gauntlet & NTLM)
From: Phil Cox <pcc () llnl gov>
Date: Thu, 16 Oct 1997 08:38:06 -0700
I have received a good number of responses, and I think that I need to make some clarifications as well. Clarifications: 1. When I said "classified", this is a POSSIBLE future need, and not mandatory for the current implementation. I belive that it would be needed in about a year to a year and a half. The way this industry is flying, that is a long time, and some maturity should be there for PPTP. 2. This will be US based, so I assumed 128 bit, although I should have stated it implicitly. 3. The network this will be running on for the proof of concept is an isolated network, BUT the desire is for is to run over an intranet with other business data. 4. They want to use NT. 5. The desire is to use as much off the shelf software as possible, as code time and resources are limited. 6. The people who must maintain this will not be coders, so commercial support is a plus. Input so far: 1. PPTP 40-bit (MPPE) is NOT truly adequate for any level of serious encryption needs. 2. PPTP 128-bit (MPPE) is still flawed. (though no one has given any solid evidence to this, except to allude to the M$ track record, and current PPTP 40-bit problems) 3. Use SKIP. (There is not NT client/server) 4. Use Hannah. (Big $$, and hard to justify since it is not truly classified) 5. Use Safe Passage. (This is looking the best,due to $, if #2 is bad) 6. Add strong encryption yourself. (This may be possible, but #5 in clarifications comes into play) I am still not counting PPTP 128-bit out, but there was a mention of performance, doe anyone have a pointer to the performance issues? I thought I saw a thread on this list dealing with that. Phil - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Computer Incident Advisory Capability (CIAC) Philip C. Cox (510)422-8193 (510)422-8564 ciac () llnl gov pcc () llnl gov ------------------------------------------------------------------- PGP Fingerprint : F76C F6B8 E2D4 7796 119A 6263 89A9 3714 E646 93CC
Current thread:
- RE: PPTP viability (was RE: Gauntlet & NTLM) Russ (Oct 17)
- RE: PPTP viability (was RE: Gauntlet & NTLM) Phil Cox (Oct 17)
- RE: PPTP viability (was RE: Gauntlet & NTLM) Ge' Weijers (Oct 17)
- RE: PPTP viability (was RE: Gauntlet & NTLM) Ge' Weijers (Oct 21)
- <Possible follow-ups>
- Re: PPTP viability (was RE: Gauntlet & NTLM) John McDermott (Oct 17)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Steve Kruse (Oct 18)
- RE: PPTP viability (was RE: Gauntlet & NTLM) Phil Cox (Oct 17)