[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Use IPSEC as SSH replacement



      >The argument I've heard
	>most often is that in this and many other cases, there is a
requirement
	>for securing the data all the way to the (configuring) application,
and
	>that our current implementations don't fulfill this requirement.
The

 I have been working on this stuff for the gov't for a while and securing
the data while its in the box is almost more important than having the box
communicate. While I do think that this point of view is extreme, there is
something to be said for it. I think ( although this is definitely off topic
I think it needs to be said) that it is not enough to tell a customer that
your box will encrypt/authenticate his packets and route them through the
appropriate VPN, there should be some assurance that a rogue
application/miscoded interrupt/malicious developer will not cause your box
to start spewing keys over the net