1999-09-23-09:59:08 Fabio Rocha:
> But I am not only looking for VPN tunneling, that I would be able to do with
> IPSec on cisco routers as you mentioned.
>
> What I really need is strong user authentication. So we thought in a product
> based on public key cryptography... Private Wire can store the user private
> key on a password protected smartcard, we consider that strong enough for
> our needs. This way, an intruder would have to steal a smart card and also
> the user password which protect the keys inside.
>
> We are open to select another product with the same characteristics... Do
> you have good experiences with any?
I've not looked at smartcards, don't know what's available for them. I
personally strongly prefer hardened hosts; using an allegedly-hardened card
when the host you plug it into cannot be presumed secure just isn't a formula
for success.
I tend to use ssh to let users tunnel in with strong auth and crypto.
As ssh is open source, if there's a smart card implementation you like, I
wouldn't think it'd be hard to graft it in to ssh. And for all I know people
might have grafted smart cards into IPSec tunneling.
-Bennett
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
