Quoting Peter Jay Salzman ([EMAIL PROTECTED]):

> However, it should be pointed out that once someone gets access to your LAN,
> even ssh, sshd and gnupg are all suspects.
I can actually speak to this from having lived that situation. Maybe you never visited the CoffeeNet in its heyday. (Web mirror: http://linxumafia.com/coffeenet/) It was a 100% Linux-based Internet cafe in a small two-story building in South of Market, San Francisco. I helped the owner, Richard Couture, build it. He and I lived in the two apartments, upstairs -- plus there was a sort of "community room" at the bottom of the stairs, behind the cafe.

The entire building was on real public IP space, using hubs rather than switches (a consequence of the years in question), all of which was connected to the Internet over a T1 line. The hubs included ports accessible to the public _inside_ the cafe, where people could plug in laptops.

_So_, I lived with the knowledge that my home LAN was utterly public. Therefore, I could not and did not trust the LAN. My point is that this was _not a problem_: Anything that I cared about not being sniffable got encrypted, and I took care of my own nameservers (taking measures to protect them against cache poisoning).

While I was at it, I figured: Why not also adopt a model in which none of the machines trusts each other, either? This, likewise, proved pretty easy once I got well into the mindset. I still use that model, today: Each of my machines has a "security perimeter" at the edge of its case, and I place no reliance whatsoever on "firewalls" for primary protection. (If memory serves, even at my interior NAT host, the only rulesets I used were ones to reject spoofed packets and certain sorts of broadcasts.)

My experience suggests that you're not correct that ssh, sshd, and gnupg all automatically become suspects, in cases like that. To the contrary, they become primary tools. The only complication is that you have to be really careful about key management, in order to foil imposters and MitM attacks. But you should do that, _anyway_.
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
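As an added illustration of the host-key management the post ends on (example code written for this page, not the poster's or the list's own): it pins SSH host-key fingerprints from a plain known_hosts-style file, in the same SHA256 form `ssh-keygen -l` prints, and flags a presented key that does not match the pin, which is what separates the real host from an impostor or a MitM on an untrusted LAN. The host names, addresses and key bytes are constructed, and hashed known_hosts entries are not handled.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 length prefix, then data."""
    return struct.pack(">I", len(data)) + data

def encode_ed25519_pubkey(raw_key: bytes) -> str:
    """Build the base64 key blob OpenSSH writes into known_hosts for an ed25519 key."""
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(raw_key)).decode()

def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint in the 'SHA256:<unpadded base64>' form that ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map each host name/address to its pinned (keytype, fingerprint) from plain known_hosts lines."""
    pinned = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hosts, keytype, blob = line.split()[:3]   # optional trailing comment field is ignored
        for host in hosts.split(","):
            pinned[host] = (keytype, fingerprint(blob))
    return pinned

def verify_host_key(pinned: dict, host: str, keytype: str, blob_b64: str) -> str:
    """'ok'; 'unknown' (no pin: verify out of band first); 'MISMATCH' (refuse: impostor or MitM)."""
    if host not in pinned:
        return "unknown"
    exp_type, exp_fp = pinned[host]
    if exp_type == keytype and exp_fp == fingerprint(blob_b64):
        return "ok"
    return "MISMATCH"

# Constructed sample data: hypothetical host names and made-up key bytes, not real keys.
REAL_KEY = bytes(range(32))
IMPOSTOR_KEY = bytes(range(1, 33))
KNOWN_HOSTS = ("# pinned host keys (constructed for this example)\n"
               "shell.example.net,192.0.2.10 ssh-ed25519 " + encode_ed25519_pubkey(REAL_KEY) + "\n")

if __name__ == "__main__":
    pins = parse_known_hosts(KNOWN_HOSTS)
    print(verify_host_key(pins, "shell.example.net", "ssh-ed25519", encode_ed25519_pubkey(REAL_KEY)))
    print(verify_host_key(pins, "192.0.2.10", "ssh-ed25519", encode_ed25519_pubkey(IMPOSTOR_KEY)))
```

The second call reports MISMATCH: the address is pinned, but the key presented for it is not the one recorded, which is exactly the case a careless "just accept the new key" habit would let through.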