1996-01-23 - Re: IPSEC == end of firewalls (was Re: (fwd) e$: PBS NewsHour, Path , Dependency, IPSEC, Cyberdog, and the Melting of Mr.)

Header Data

From: attila <attila@primenet.com>
To: Nelson Minar <nelson@santafe.edu>
Message Hash: a6ebecfcb2ac058b7a17e46a32dade1d35476f5f255f8843f6f8039f164365c2
Message ID: <Pine.BSD.3.91.960123052304.13897C-100000@usr2.primenet.com>
Reply To: <199601230159.SAA00256@nelson.santafe.edu>
UTC Datetime: 1996-01-23 05:36:12 UTC
Raw Date: Mon, 22 Jan 96 21:36:12 PST

Raw message

From: attila <attila@primenet.com>
Date: Mon, 22 Jan 96 21:36:12 PST
To: Nelson Minar <nelson@santafe.edu>
Subject: Re: IPSEC == end of firewalls (was Re: (fwd) e$: PBS NewsHour, Path , Dependency, IPSEC, Cyberdog, and the Melting of Mr.)
In-Reply-To: <199601230159.SAA00256@nelson.santafe.edu>
Message-ID: <Pine.BSD.3.91.960123052304.13897C-100000@usr2.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain

    reply from attila:

	I agree there will be "universal" secrecy --there will always be
    someone who manages to decode one or two "signatures" including 
    handshakes, and spoofs them, after burying the sucker machine in
    response commands so it has a chance to grab the handshaking.

	a little group effort, a couple of fast machines to
    coordinate the attack, and the rest just might be history.  seems
    to me both Netscape and the abominable creature from the 
    Pacific Northwest said they could not be broken....

	Personally, I think NSA has figured out how to break PGP --
    enough specialized DSPs and prime factoring tables on
    magneto-optical disks can go a long way.  If you have traffic both ways,
    you have the hash as well.

	dropping Phil accomplished two basic things: a cheap give-
    away to look good in public; and, they avoided defending ITAR
    in court  --and the ninth circuit can be pretty cranky on the
    Bill of Rights  --they don't follow Washington's line too 

On Mon, 22 Jan 1996, Nelson Minar wrote:

> rah@shipwright.com (Robert Hettinga) writes:
> [interesting article about the future, which includes..]
> >The reason we won't need LANs is because the only real difference between a
> >LAN and the internet is a firewall for security, and the need for clients
> >to speak Novell's TCP/IP-incompatible proprietary network protocol.  With
> >internet-level encryption protocols like the IETF IPSEC standard, you won't
> >even need a firewall anymore.  The only people who can establish a server
> >session with *any* machine connected to the net will be those issuing the
> >digital signatures authorized to access that machine, no matter where those
> >people are physically. When that happens, networks will need to be as
> >public as possible, which means, of course, TCP/IP, and not Netware.
> I'm all for the end of ridiculous non-TCP/IP protocols, but does
> anyone believe this point about encrypted IP traffic eliminating the
> need for firewalls?
> I guess I don't trust the ability for people to keep secrets secret.
> Nothing like refusing to pass packets at all..

    go not unto usenet for advice, for the inhabitants thereof will say:
      yes, and no, and maybe, and I don't know, and fuck-off.
_________________________________________________________________ attila__

    To be a ruler of men, you need at least 12 inches....
    There is no safety this side of the grave.  Never was; never will be.