Philip Mullis wrote: > As Bill stated IPSEC is a good way,if your uber paranoid other flavours > of vpn pptp etc.. not so good as the initial handshakes can be capture > then you can have a man-in-the-middle scenario, weve been use IPSEC here > for over a year and I can testify to its solidness, we use it to connect > all our international offices.
It would be nice for a protocol level solution rather then resorting to IPsec which is a PITA for most people most of the time. I love to some extent how smtp has evolved especially in respect to TLS and opportunistic encryption. Yes it's not perfect in terms of active attacks, but it's perfect to prevent the type of attack that is getting the most media at the current time, ie NSA intercepting all packets hitting US border routers. Actually there was an article recently about exit TOR nodes that only accept specific ports/types of services and speculation about secret services in different countries intercepting unencrypted protocols like pop3/smtp etc. -- Best regards, Duane http://www.freeauth.org - Enterprise Two Factor Authentication http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://e164.org - Because e164.arpa is a tax on VoIP "In the long run the pessimist may be proved right, but the optimist has a better time on the trip." --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
