HP3000-L Archives

December 2000, Week 4

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Mark Bixby <[log in to unmask]>
Reply To: Mark Bixby <[log in to unmask]>
Date: Fri, 22 Dec 2000 08:30:12 -0800

Jeff Kell wrote:
>
> [log in to unmask] wrote:
> > Jeff Kell writes:
> > >  If QCTerm and CSY want to keep with the times, you should look
> > > beyond classic telnet into ssh, unless VPN connectivity surpasses
> > > it.
>
> > While I had to read Jeff's sentence twice, I ultimately came to agree with
> > it. If I were to guess, hard security for host-terminal connections is most
> > likely going to be accomplished by putting some sort of wrapper around the
> > entire conversation, essentially converting every link into a VPN. That's the
> > really easy way to upgrade security. It leaves all existing communications
> > protocols (HTTP, FTP, telnet, etc.) untouched, completely compatible with all
> > "legacy" uses, without having anyone on either end, host or terminal, being
> > required to change anything.
>
> VPNs are growing, but largely for internet usage.  SSH is a big hit in
> the intranet realm.  My opinions come from recent support of it in
> Linux world, open source versions, and I think it may have leaked into
> Reflection (they did Kerberos the last revision or two).  Even Cisco
> now provides ssh access to their routers in newer software.  VPNs can
> be embedded in the clients, but from the host standpoint it is largely
> an external black box, or hardware card in a router.  It is largely a
> question of inter- vs intra-net deployment, both are vying for their
> position.

The problem with SSH is that special clients and servers are required.

It's a far cleaner solution to do security transparently at the IP transport
layer so that no applications have to be modified.  This is the VPN approach.
As was pointed out in another message in this thread, there are several VPN
protocols to choose from.  I think IPsec will eventually predominate here, and
that it would be cool if MPE could support IPsec some day.

FWIW, Windows 2000 supports IPsec, so I want to applaud Microsoft (gasp!) for
doing the right thing in this area.

- Mark B. (using IPsec every day to commute to Cupertino)
--
[log in to unmask]
Remainder of .sig suppressed to conserve scarce California electrons...
