[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bruce Schneier on IPsec



At 09:16 AM 2/3/2000 -0500, Mr. Anderson wrote:

>Building a very secure tunnel mode first, which
>is easily managed, sustainable, and not subject to every
>future kiddie script-style hack is 'key'.

I have thought about this for over a year and have realized this was one of 
our design FLAWS.

We designed for gateways instead of end systems.  End systems don't need 
tunnels, they only need warpping.  In part we took this approach because, 
'it will take too long to update the end systems'.  But proxy services 
could have handled this in the interim.

Now we have and industry of gateway systems that need technology that 
advances their core business models.

The trick is how to rebuild the bridge while using it.


Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec@htt-consult.com


References: