Firewall Wizards mailing list archives
Re: IPsec and firewalls
From: carson () tla org
Date: Mon, 9 Feb 1998 12:56:28 -0500 (EST)
"Adam" == Adam Shostack <adam () homeport org> writes:
Adam> Regarding Carson's points about making your firewall a CA, I
Adam> think that for any company which has more than a few servers
Adam> internally, making the FW a Certification Authority is a mistake. A
...
Adam> I suspect that Carson knew this, and misspoke, hitting one of
Adam> my pet peeves. :)

Nope. I said make it _a_ CA, not _the_ CA. A big difference. The only certs it would be signing are the bogus ones required to spoof SSL. Your browser has to trust it as a CA, so you should make sure it's hard to get at its signing key, but nobody _outside_ your organization should trust it, and you don't have to trust it for signing keys (if your client software is smart enough).

"I see...you want to go to https:/www.blackhat.com/nukeme.exe...<fumble fumble fumble> _I'm_ www.blackhat.com. _Really_ I am. You trust me, don't you? <bat, bat, bat> Now let's see if that file passes my toxic waste filters..."

--
Carson Gaspar -- carson () cs columbia edu carson () tla org carson () cugc org
http://www.cs.columbia.edu/~carson/home.html
Queen Trapped in a Butch Body