LISTSERV - HP3000-L Archives

HP3000-L Archives

August 1997, Week 2

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L August 1997, Week 2

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Work from home - ideas?
From:	Bruce Toback <[log in to unmask]>
Reply To:	Bruce Toback <[log in to unmask]>
Date:	Sun, 10 Aug 1997 09:34:57 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (46 lines)

John Alleyn-Day writes:

>it's
>impossible to find a place on the net, except at your ISP, where anyone can
>guarantee to intercept all (or even any) of your messages (and if you can't
>trust your ISP, all bets are off)

With IP encryption, all bets are NOT off. That's the reason for using it.
If there's a bent employee at an ISP, it really is trivial for them to
capture a large amount of traffic and filter it for goodies. With
end-to-end IP encryption, you don't have to worry about the bottlenecks
at either end.

However, I agree with the contention that the big Internet security risk
isn't the network, but the hosts that are connected to it. If your
expensive, carefully-planned Netscape Commerce Server setup has a
guessable root password and lives directly on the Internet, that's a much
bigger security hole than someone at your ISP seeing unencrypted
transactions. Similarly, the risk to secrecy of email communications is
partly at store-and-forward locations, but mostly at the endpoints.

Incidentally, one thing a consultant can do to reduce the small risk of a
bent ISP (or the even smaller risk of someone listening at a switch
point) is to get a PPP account with the same ISP the client is using. For
large ISPs like Netcom and PSINet, the data will never go outside the
provider's network. From a practical point of view, the security
improvement is slight. However, it may allay fears of a security problem
and thus permit the use of a much more economical data communication
alternative.

Personally, I'm much more worried about what the recipient might do with
any data I send than I am about anyone intercepting it in transit.

-- Bruce

--------------------------------------------------------------------------
Bruce Toback    Tel: (602) 996-8601| My candle burns at both ends;
OPT, Inc.            (800) 858-4507| It will not last the night;
11801 N. Tatum Blvd. Ste. 142      | But ah, my foes, and oh, my friends -
Phoenix AZ 85028                   | It gives a lovely light.
btoback AT optc.com                |     -- Edna St. Vincent Millay
Unsolicited mail to [log in to unmask] will be inspected for a
fee of US$250. Mailing to said address constitutes agreement to
pay, including collection costs.

ATOM RSS1 RSS2

RAVEN.UTC.EDU