Firewall Wizards mailing list archives

Re: PPTP viability (was RE: Gauntlet & NTLM)


From: Steve Kruse <jsk347 () worldnet att net>
Date: Sat, 18 Oct 1997 18:19:04 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John:

I'm going to go out on a limb here, but unless things have changed 
significantly since I left the USN, the answer would be...NO.  The 
encryption used in the BorderGuard is (max) 128 bit, which is pretty 
secure to be sure, however no CLASSIFIED (as in US Government) data 
could be used with it.  All classified transmissions require the use 
of KG equipment running NSA implemented algorithms, keys etc.  The 
Government does use BorderGuards at various sites to pass 
Unclassified but sensitive traffic.  Some foreign countries may 
consider the BorderGuard to be adequate for their military / 
government applications, I think.  But in the US I don't believe this 
to be the case.  

They do have exportable versions of both DES (for financial applications)
as well as 40-bit export.  And they have a person who is dedicated to
handling all of the export issues located in Minneapolis on staff.  Hope
this helps.  

Flames Ignored!  Comments welcome!

Steve

At 01:46 PM 10/15/97 +0000, John McDermott wrote:
Adam,
My understanding is that there is an exception to rules 1 & 2.  If you
or someone else can correct me, please do so.  I believe that the
crypto in the Network Systems Borderguard router is 1) usable for data
classified as Secret or below, 2) exportable and 3) from a US company.
They have the appropriate license, as I understand it, to export the
router with the strong crypto.

This is not a solution for some situations, but may work for Philip's
application.

--john
--- On Wed, 15 Oct 1997 09:17:30 -0400 (EDT)  Adam Shostack 
<adam () homeport org> wrote:

Philip Cox wrote:

| 1. Is PPTP a viable option for sensitive or possibly classified level
| encryption?

Simple rule of cryptography 1: If it's exportable from the US, don't
use it.

Corollary to rule 1: Buy cryptography from reputable sources outside
the US.

Simple rule of cryptography number 2: If you have data that's
US Government classified on your network, you have a site security
officer, who can introduce you to the man from Ft Meade, who will give
you the right cryptographic tools for what you want, or tell you it
can't be done.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
                                                    -Hume




-----------------End of Original Message-----------------

-------------------------------------
Name: John McDermott
VOICE: 505/377-6293 FAX 505/377-6313
E-mail: John McDermott <jjm () jkintl com>
Writer and Computer Consultant
-------------------------------------


-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNEk1INIk6V3CiVjTEQIc5QCgpUnRHKqw3N7SOvopXZmLS12NMMEAoLFT
UDK9QohM5nNjop5iUIyT1lvh
=VRmA
-----END PGP SIGNATURE-----

*****************************************************
* Steve Kruse               Milkyway Networks       *
* Network Systems Engineer  1342 E. Vine St. #224   *
* 407-847-8977 Voice        Kissimmee, FL 34744     *
* 407-847-7203 Fax          http://www.milkyway.com *
*****************************************************


