Firewall Wizards mailing list archives
Re: IPsec and firewalls
From: carson () tla org
Date: Sat, 7 Feb 1998 19:56:40 -0500 (EST)
"Aleph" == Aleph One <aleph1 () dfw dfw net> writes:
Aleph> and RCS1826). I was just talking to someone about this at USENIX. I see a
Aleph> market for someone that implements an ISAKMP daemon that supports
Aleph> transferring keys to a trusted third party. Of course this brings you all
Aleph> the same headaches that Kerberos does having to maintain a secured machine
Aleph> with possibly all session keys but hopefully your firewall maintains that
Aleph> level of security so it should not add many more risks. Probably any such
Aleph> protocols between the ISAKMP server and the firewall should be standardized
Aleph> by an RFC. Anyone have any comments?

_Every_ authentication scheme relies on a trusted 3rd party of some sort. The only question is who is trusted, and when that trust must be validated. If you make your proxy/firewall/nat/whatever a trusted CA, you can proxy just about anything, including stripping ActiveX from HTTP over SSL sessions.

I agree that it would be nice for this "trusted spoofing" or "friendly man in the middle" approach to be designed in rather than reverse-engineered.

--
Carson Gaspar -- carson () cs columbia edu carson () tla org carson () cugc org
http://www.cs.columbia.edu/~carson/home.html
Queen Trapped in a Butch Body