Maybe getting a little OT, but you could use racoon, on *BSD at least,
and have a different key pair for each side of the data transfer, that
automatically re-keys at a specified time period.  So you would end up
having to compromise 3 key pairs total to get at your data (1 for IKE
phase 1, and 1 pair each for each side of the security association).

You could then use gpg to encrypt the data on tape. :)

Drew

On Tue, 2003-12-30 at 10:38, Gregor Ibic wrote:
> I would say, encrypt it on a lower layer like IPSEC.
>  
> regards,
> gregor
>  
> 
> 
> Intelicom d.o.o.
> Security software company
> http://www.intelicom.si
> email: [EMAIL PROTECTED]
> 
> 
>          
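
The timed re-keying mentioned in the reply above, shown as a racoon.conf example added here; it is not part of the original message. The lifetimes, algorithms, Diffie-Hellman groups and pre-shared-key path are assumed values chosen for illustration.

```conf
# Constructed example: phase 1 (IKE) and phase 2 (IPsec SA) each get
# their own lifetime, so keys are renegotiated on a timer.

# Assumed location of the pre-shared key file.
path pre_shared_key "/usr/local/etc/racoon/psk.txt";

# Phase 1: the IKE SA that protects the negotiation itself.
remote anonymous
{
        exchange_mode main;
        lifetime time 1 hour;           # IKE SA is renegotiated hourly
        proposal_check strict;          # refuse a longer lifetime or weaker PFS from the peer
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

# Phase 2: the IPsec SAs that carry the data. SAs are unidirectional,
# so each direction of the transfer has its own keys.
sainfo anonymous
{
        pfs_group 2;                    # new DH exchange on every re-key
        lifetime time 30 min;           # data keys are replaced every 30 minutes
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
```

With `pfs_group` set, each phase 2 re-key derives its keys from a fresh Diffie-Hellman exchange rather than from the phase 1 keying material, so recovering one set of data keys does not expose traffic from other lifetime periods.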
