I think the thing I'll want to use is ECP. Does pppd come with it? On Thu, 2005-03-10 at 14:00, James Carlson wrote: > Christopher Fowler writes: > > Some of these tin-hat people I tell them to simply buy encrypted modems > > that do the encryption between the. Are there anyone out there selling > > good ones anymore? > > Dunno. Google seems to think so: > > http://www.securtelecom.com/Products/Corporate/EncryptionSolutions/encryptionsolutions.htm > > > Th issue is that there are two boxes connected via a modem and using PPP > > for IP traffic. The customer wants to be sure all traffic across that > > phone line is encrypted. > > That's just baffling. So, they are concerned that someone will tap > the telephone line and manage to decode a V.90 data stream, but > they're unconcerned whether the next hop itself (the modem at the > other end) is itself "secure," or that hazards may exist between that > modem and the ultimate packet destination, which may be many hops > away. > > How does that work? > > That's why I was asking about the threat model. It doesn't sound > rational. In the particular case of irrational requests, it tends to > be difficult to design sufficient technical solutions. :-/ > > > Since they use so many network product some > > old those protocol may be plain-text. By having ppp encrypt what it > > sends that would cover any data that travels across. > > Again, ECP and IPsec are likely the best ways to deal with this, > though they solve very different problems. > > ECP solves the PPP link encryption problem. It does *not* help with > any traffic once it's forwarded past that single link. It's therefore > of very limited utility in providing real security. > > IPsec solves the end-to-end problem. It does *not* help if the peer > you're talking to is compromised, but, then, likely nothing other than > scissors will. > > http://www.physics.usyd.edu.au/~matthewa/scissors.pdf
- To unsubscribe from this list: send the line "unsubscribe linux-ppp" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
