HP3000-L Archives

February 2001, Week 3

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Michael Gueterman <[log in to unmask]>
Reply To: Michael Gueterman <[log in to unmask]>
Date: Mon, 19 Feb 2001 00:46:00 -0600
Hi Ken (et al.),

  Yes, IPSEC will be one of the SIGWeb SIB items to go forward, but we
do need someone to "champion" the item.  PFG, if you're willing to do
so, it basically entails someone putting their name to the item as well
as providing a few sentences for a business case (which at least in
part, Ken has already supplied :)  As I couldn't attend the meeting :(,
Tom Brandt and OnOn Hong took care of getting the items for the SIB as
well as some notes.  Within a day or two I should have everything
together to put on the SIGWeb mailing list, and at that point I'm
planning on asking for "champions" for each item that doesn't already
have one.  We'll have between three and five items in total.  I'm going
on record as championing Samba/iX encryption, so that leaves the rest.
So, how about it?

Regards,
Michael L Gueterman
Easy Does It Technologies
SIGWeb Co-Chair
http://www.editcorp.com
voice: (888) 858-EDIT -or- (573) 368-5478
fax:   (573) 368-5479
--

-----Original Message-----
From: "Sletten Kenneth W KPWA" <[log in to unmask]>
To: "Pasty Face Gangster" <[log in to unmask]>, HP3000-[log in to unmask]
Date: Sun, 18 Feb 2001 20:10:18 -0800
Subject: RE: IPSec for MPE

> PFG @ yahoo asked:
>
> > Has IPSec been implemented on MPE yet?  I have the
> > need to ftp files from a vendor to one of our 3K's.
> > The only way our vendor will let us do it is via an
> > IPSec tunnel.
>
> Mark B. already gave the current answer:  No.
>
> I will add that this specific subject was discussed at some
> length during SIGWEB at SIG3000 last week, and I believe
> we had a general consensus of attendees that IPSec was the
> "preferred solution" (Even though Bruce Schneier of Applied
> Cryptography fame (now of www.counterpane.com) has a
> number of reservations about the current implementation of
> IPSec (overall complexity to manage and implement), he and
> at least one of his collaborators also say that IPSec is a lot
> better than anything else out there right now in this specific
> area;  and that they hope future revisions will improve the
> overall implementation).
>
> Of course I leave it to Michael Gueterman to publish the final
> post-SIG3000 SIGWEB list, and I did not take extensive notes
> during SIGWEB.   But IIRC we collectively agreed to modify
> what was SIGWEB "pre-SIG3000" Item # 11 ("Provide
> standard encryption / decryption of files for transfer over a
> network using ftp, etc.").  My recollection of the mod (which
> may not be exactly the way the "official" rendition of the mod
> comes out) was that it was going to specifically mention
> TELNET in addition to FTP;  and at least mention IPSec as
> the "leading candidate" for a solution.
>
> <vested_interest_alert>:
> Assuming specific mention of IPSec comes up on a SIGWEB
> ballot item, I urge all to consider voting for this enhancement:
> Even if you do not need it right now, it is a strategic hole in the
> HP 3000 offering that needs to be filled;  and soon:  Without
> going into details that I can't go very far into, large segments
> of Government are likely to get considerably more restrictive
> in the near future;  and essentially reach the same state as
> PFG's vendor:  The only way FTP and TELNET will be allowed
> outside a local firewall is via an IPsec tunnel;  compliance
> will NOT be optional.  If the e3000 cannot do this, there will
> be one more check-box that cannot be checked;  when
> comparing e3000 to NT, etc....  and existing systems will face
> the prospect of inserting another intermediate NT box and / or
> partially disconnecting from even semi-local internal networks
> (definition of "semi-local" cannot be more precisely defined in
> this forum).
>
> A port of IPSec to the e3000 is probably a "cross-SIG" issue
> between SIGWEB and SIGMPE, but I don't particularly care
> which SIG list it comes up on, as long as I get a chance to
> vote for it somewhere....   :-)
>
> Not-a-SIDEBAR:  During the SIGWEB@SIG3000 meeting,
> HP pointed out that another benefit of doing encryption at the
> transport / IP level was that all applications (HP and end-user)
> can get the benefit WITHOUT having to be modified in any
> way (a huge advantage, IMO).  That is not the case with other
> options such as Kerberos, etc. (HP also mentioned that
> implementing Kerberos in the real world had a high level of
> complexity for the application).
>
> I further second Wirt's original motion (somewhere in a recent
> email): If an IPSec port to the e3000 is accomplished, that the
> initial version at least be fully compatible with the Micro$oft
> IPSec version that is bundled with Windows2000.  That should
> take care of 95+ percent of the current e3000 user base...
>
> Michael has not specifically called for a "user champion" for
> the SIGWEB items, but if someone with more knowledge than
> I have in this area (many of you, no doubt) does not speak up
> and a champion is necessary to keep IPSec from dropping
> off the list, I will try and fill that role.....  but since I have
> all the items from the TurboIMAGE and HPSQL ballots to process
> and make ready for voting, I really, *really* hope someone
> else more qualified than I am will sign up as "champion" for
> the IPSec item;  if said champion is still needed...  How about
> you, PFG ????....    :-)
>
> Ken Sletten
>
