> Tyler Durden[SMTP:[EMAIL PROTECTED]] wrote
> 
> But from your previous email, you indicated that the secure IPSEC tunnel
> is created by taking the packets, encrypting S/A, D/A, payload and protocol
> fields (i.e., pretty much everything) and then dumping them into the payload
> of another packet, and setting the Protocol field of the parent-packet to
> "IPSEC". All that is now visible are the firewall addresses.
> 
> That's a lot, methinks! In other words, there's practically a bright red
> flag sticking up saying "I'm encrypted! Look over here!"...it's child's
> play (well, if you consider making an ASIC child's play!) to then look at the
> S/A and D/A to see if they are interesting. If they belong to the IP spaces of
> two large companies, for instance, then look elsewhere (though I hear
> rumors that the NSAs of the world are branching out into industrial eavesdropping
> for their parent companies, ehr, for their parent countries).
> 
> If a secure VPN tunnel forms between al-Jazeera's firewall and, say, some
> ISP near Atlantic Avenue in Brooklyn (heavy Arab community), then all
> sorts of spyglasses could pop up.
> 
The title of this thread is "What email encryption is actually in use?". I
posted that a lot of intra-company email often goes over encrypted VPNs
between worksites, and that this should be considered in trying to figure
out how much email is encrypted.

After some back and forth to educate you on how IPSEC tunneling works, you
now understand, but it turns out that that was not what you were interested
in.

VPNs no more raise a red flag than does any other form of encrypted 
communication without steganography.  If your threat model includes 
end-point identification, then use alt.anonymous.messages. If traffic
analysis is also a worry, use stego.

VPNs are probably responsible for more encrypted traffic than
anything else on the net, and meet corporate threat models
very well. If your threat model is different, you may need a different
solution.

Peter Trei
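
The visibility question argued in this thread, as an added example that is not part of the original message: a Python sketch of what a passive on-path observer can read from an IPsec ESP tunnel-mode packet without the keys. The gateway addresses (RFC 5737 documentation ranges), SPI, sequence number and the random bytes standing in for the encrypted inner packet are all constructed for illustration.

```python
import ipaddress
import os
import struct

ESP_PROTO = 50            # IP protocol number assigned to ESP
IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def build_outer_packet(gw_src, gw_dst, spi, seq, ciphertext):
    """Build a constructed outer IPv4 + ESP packet (checksum left at 0)."""
    esp = struct.pack("!II", spi, seq) + ciphertext
    header = struct.pack(
        IPV4_FMT, 0x45, 0, 20 + len(esp), 0, 0, 64, ESP_PROTO, 0,
        ipaddress.IPv4Address(gw_src).packed,
        ipaddress.IPv4Address(gw_dst).packed,
    )
    return header + esp


def observer_view(packet):
    """Return only the fields readable in cleartext by someone on the path."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        IPV4_FMT, packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    view = {
        "src": str(ipaddress.IPv4Address(src)),   # tunnel gateway, not the host
        "dst": str(ipaddress.IPv4Address(dst)),   # tunnel gateway, not the host
        "protocol": proto,
        "length": total_len,
    }
    if proto == ESP_PROTO:
        if len(packet) < ihl + 8:
            raise ValueError("truncated ESP header")
        spi, seq = struct.unpack("!II", packet[ihl:ihl + 8])
        # Everything after SPI and sequence number is ciphertext: the inner
        # source/destination addresses, inner protocol and payload are in there.
        view.update(spi=spi, seq=seq, opaque_bytes=len(packet) - ihl - 8)
    return view


if __name__ == "__main__":
    # Constructed sample: random bytes stand in for the encrypted inner packet.
    sample = build_outer_packet("192.0.2.1", "198.51.100.1",
                                0x1000, 7, os.urandom(64))
    for field, value in observer_view(sample).items():
        print(f"{field:13} {value}")
```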
