* Marsh Ray: > My personal opinion is that IP source addresses are not actually a > particularly strong factor. Here are some reasons:
It really depends on what you're dealing with. Mozilla shouldn't disclose that to the general public, so it's difficult to make good recommendations. >> As a result, extending the IP address restrictions, possibly using >> crypto tunnels such as OpenVPN, are probably a better investment than >> hardware tokens. > > What does a VPN get you that a solid SSL/TLS setup does not? Current malware does not capture OpenVPN keys. Client certificates are sometimes extracted, and are certainly indicative of an interesting target. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
