Firewall Wizards mailing list archives
Re: General security question
From: "Marcus J. Ranum" <mjr () nfr com>
Date: Sun, 12 Nov 2000 12:58:28 -0500
Carson Gaspar wrote:
By the way, as a general rule, a VPN is useless if you don't know anything about the security at the other end. Indeed, the whole notion of doing a secure transaction/data transfer to a site where you don't know anything about the security is kind of dubious.A _minor_ disagreement. A VPN provides privacy up to the partner's demarc. At that point liability for any breach of privacy is the partner's (either on their net, or because they exposed the keying material).
That makes sense if you're interested in butt-covering. If you're actually interested in security, then you've got to take into account the state of the partner's network. Butt-covering's a tactic we have to resort to all too often, at the expense of really doing the right thing, because it's much harder to do the right thing than to almost do the right thing. :) Actually, you can almost break it down into a game-theory style prisoner's dilemma: if you want to do the right thing but any of the other entities involved is just interested in butt-covering, it's provably impossible to do the right thing thereafter. mjr. --- Marcus J. Ranum Chief Technology Officer, NFR Security, Inc. Work: http://www.nfr.com Play: http://pubweb.nfr.net/~mjr _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- General security question TDyson (Nov 12)
- Re: General security question Marcus J. Ranum (Nov 12)
- Re: General security question Carson Gaspar (Nov 13)
- Re: General security question Marcus J. Ranum (Nov 13)
- Re: General security question Carson Gaspar (Nov 13)
- Re: General security question Marcus J. Ranum (Nov 12)
- Re: General security question Jonas Eriksson (Nov 13)
- Re: General security question Todd Joseph (Nov 13)
- Re: General security question Frederick M Avolio (Nov 13)
- Re: General security question Stephen P. Berry (Nov 13)
- <Possible follow-ups>
- RE: General security question Loomis, Rip (Nov 13)
- RE: General security question Jensen, Greg (Nov 13)
- Re: General security question George Capehart (Nov 13)
- Re: General security question daN. (Nov 15)
- Re: General security question Magosányi Árpád (Nov 15)
- Re: General security question George Capehart (Nov 13)
- Re: General security question Marcus J. Ranum (Nov 12)