Firewall Wizards mailing list archives
Re: PPTP viability (was RE: Gauntlet & NTLM)
From: Steve Kruse <jsk347 () worldnet att net>
Date: Sat, 18 Oct 1997 18:19:04 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John:

I'm going to go out on a limb here, but unless things have changed significantly since I left the USN, the answer would be...NO.

The encryption used in the BorderGuard is (max) 128 bit, which is pretty secure to be sure, however no CLASSIFIED (as in US Government) data could be used with it. All classified transmissions require the use of KG equipment running NSA implemented algorithms, keys etc. The Government does use BorderGuards at various sites to pass Unclassified but sensitive traffic.

Some foreign countries may consider the BorderGuard to be adequate for their military / government applications, I think. But in the US I don't believe this to be the case.

They do have exportable versions of both DES (for financial applications) as well as 40bit export. And they have a person who is dedicated to handling all of the export issues located in Minneapolis on staff.

Hope this helps.

Flames Ignored! Comments welcome!

Steve

At 01:46 PM 10/15/97 +0000, John McDermott wrote:
Adam,

My understanding is that there is an exception to rules 1 & 2. If you or someone else can correct me, please do so. I believe that the crypto in the Network Systems Borderguard router is a) usable for data classified as Secret or below, 2) exportable and 3) from a US company. They have the appropriate license, as I understand it, to export the router with the strong crypto.

This is not a solution for some situations, but may work for Philip's application.

--john

--- On Wed, 15 Oct 1997 09:17:30 -0400 (EDT) Adam Shostack <adam () homeport org> wrote:

Philip Cox wrote:
| 1. Is PPTP a viable option for sensitive or possibly classified level
| encryption?

Simple rule of cryptography 1: If it's exportable from the US, don't use it.

Corollary to rule 1: Buy cryptography from reputable sources outside the US.

Simple rule of cryptography number 2: If you have data that's US Government classified on your network, you have a site security officer, who can introduce you to the man from Ft Meade, who will give you the right cryptographic tools for what you want, or tell you it can't be done.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume

-----------------End of Original Message-----------------

-------------------------------------
Name: John McDermott
VOICE: 505/377-6293 FAX 505/377-6313
E-mail: John McDermott <jjm () jkintl com>
Writer and Computer Consultant
-------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNEk1INIk6V3CiVjTEQIc5QCgpUnRHKqw3N7SOvopXZmLS12NMMEAoLFT
UDK9QohM5nNjop5iUIyT1lvh
=VRmA
-----END PGP SIGNATURE-----

*****************************************************
* Steve Kruse               Milkyway Networks       *
* Network Systems Engineer  1342 E. Vine St. #224   *
* 407-847-8977 Voice        Kissimmee, FL 34744     *
* 407-847-7203 Fax          http://www.milkyway.com *
*****************************************************