Christopher Fowler writes: > Some of these tin-hat people I tell them to simply buy encrypted modems > that do the encryption between the. Are there anyone out there selling > good ones anymore?
Dunno. Google seems to think so: http://www.securtelecom.com/Products/Corporate/EncryptionSolutions/encryptionsolutions.htm > Th issue is that there are two boxes connected via a modem and using PPP > for IP traffic. The customer wants to be sure all traffic across that > phone line is encrypted. That's just baffling. So, they are concerned that someone will tap the telephone line and manage to decode a V.90 data stream, but they're unconcerned whether the next hop itself (the modem at the other end) is itself "secure," or that hazards may exist between that modem and the ultimate packet destination, which may be many hops away. How does that work? That's why I was asking about the threat model. It doesn't sound rational. In the particular case of irrational requests, it tends to be difficult to design sufficient technical solutions. :-/ > Since they use so many network product some > old those protocol may be plain-text. By having ppp encrypt what it > sends that would cover any data that travels across. Again, ECP and IPsec are likely the best ways to deal with this, though they solve very different problems. ECP solves the PPP link encryption problem. It does *not* help with any traffic once it's forwarded past that single link. It's therefore of very limited utility in providing real security. IPsec solves the end-to-end problem. It does *not* help if the peer you're talking to is compromised, but, then, likely nothing other than scissors will. http://www.physics.usyd.edu.au/~matthewa/scissors.pdf -- James Carlson <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-ppp" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
