-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: Ng, Kenneth (US) [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 07, 1999 9:07 AM
> To: '[EMAIL PROTECTED]'
> Subject: NT Firewalls and Microsoft/NSA back door
>
> While this topic is still evolving, have any of the firewall vendors done
> any looking around to see if the Microsoft/NSA back door that was revealed
> last week would enable the NSA to blow a hole into their NT based firewall
> products or not? And if not, why not?
... and the NSA paranoia continues...
a) I think Bruce Schneier had very good arguments on the USE of that
second key, and
b) that key could only be used for cryptographic routines. If you
base your VPN authentication on certificates only, then this *could*
(although I doubt it) be exploited. If you'd use tokens in
addition/instead (or even just plain passwords), they could try as
long as they want to get in through the VPN.
c) They would not try as long as they want, they would come with a
subpoena or something and knock on your door.
d) If the second key affects only cryptographic routines, how could
someone compromise a firewall on a packet/port level (leaving the VPN
scenario aside)? If ports/protocols are filtered, then that's it.
The only relation I see between second key and firewall would be in
conjunction with a VPN. However, I strongly doubt that this key is
the magic bullet that decodes all encrypted data.
Regards,
Frank
PS: If the conspiracy theory is correct and Microsoft *had* to
include an NSA back door key, who says Checkpoint and Sun and HP and
RedHat and NAI and Axent, etc, didn't have to include one as well???
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME (X.509) encrypted email preferred
iQA/AwUBN9XMD0RKym0LjhFcEQJ53QCgz98/lm4NOV8434RGgaDJD6f1O5wAnjbQ
37Ol7jpc8a3xhi6JXbaUeL52
=BLlf
-----END PGP SIGNATURE-----