On Wed, 4 Apr 2001, Ron Morita wrote:
> Does anyone know about tunneling software which proxies snmp through
> the firewall using https for encrypted transmission over the Internet?
you can do that, or use what's properly designed to do it: smtp+tls
ftp://ftp.isi.edu/in-notes/rfc2487.txt
Network Working Group                                        P. Hoffman
Request for Comments: 2487                     Internet Mail Consortium
Category: Standards Track                                  January 1999

SMTP Service Extension for Secure SMTP over TLS

1. Abstract
This document describes an extension to the SMTP service that allows
an SMTP server and client to use transport-layer security to provide
private, authenticated communication over the Internet. This gives
SMTP agents the ability to protect some or all of their
communications from eavesdroppers and attackers.
this works in sendmail 8.11 and beyond, postfix, qmail, exchange, and a
few other major products. it also allows you to do authentication of your
smtp clients (ie mobile users) for relaying.
here's some docs for sendmail:
http://www.sendmail.org/~ca/email/starttls.html
in a nutshell, you must have ESMTP support for both the client and the
server, and begin a TLS session before anything else happens (ie
negotiation of the sender or recipient). once a successful session starts
(you can force it, you can allow a graceful failure, etc ..) the whole
session is encrypted, everything.
tunneling, ie with ssh or https, is the wrong way to do it.
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
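
The ordering rule in the message above (STARTTLS completes before the sender or recipient is negotiated, with the choice between forcing TLS and allowing a graceful failure) can be checked against an MTA session log. This is an added example, not part of the original message or of any mail server's code; the function name, the `C: `/`S: ` log format, and the hostnames and addresses are assumptions made for illustration.

```python
import re

def audit_smtp_session(lines, require_tls=True):
    """Classify a logged SMTP dialogue whose lines start with 'C: ' or 'S: '.

    Returns 'encrypted', 'cleartext-fallback', 'no-mail', or 'violation: ...'.
    """
    pending = False   # client sent STARTTLS and is waiting for the reply
    tls = False       # server answered 220: the rest of the session is inside TLS
    for line in lines:
        side, _, text = line.partition(": ")
        if side == "S":
            m = re.match(r"(\d{3})[ -]", text)
            if m and pending:
                tls = m.group(1) == "220"   # any other code means no TLS session
                pending = False
        elif side == "C" and text.strip():
            verb = text.split()[0].upper()
            if verb == "STARTTLS":
                pending = True
            elif verb in ("MAIL", "RCPT") and not tls:
                # Sender/recipient negotiation is about to go out unencrypted.
                if require_tls:
                    return "violation: %s sent before TLS was established" % verb
                return "cleartext-fallback"
    return "encrypted" if tls else "no-mail"

# Constructed sample dialogues (hostnames and addresses are made up).
GREETING = [
    "S: 220 mail.example.test ESMTP",
    "C: EHLO client.example.test",
    "S: 250-mail.example.test",
    "S: 250 STARTTLS",
    "C: STARTTLS",
]
ENVELOPE = [
    "C: MAIL FROM:<alice@example.test>",
    "S: 250 OK",
    "C: RCPT TO:<bob@example.test>",
    "S: 250 OK",
]
TLS_OK = GREETING + ["S: 220 Go ahead", "C: EHLO client.example.test",
                     "S: 250 mail.example.test"] + ENVELOPE
TLS_REFUSED = GREETING + ["S: 454 TLS not available due to temporary reason"] + ENVELOPE

if __name__ == "__main__":
    for name, log in (("TLS_OK", TLS_OK), ("TLS_REFUSED", TLS_REFUSED)):
        for force in (True, False):
            print(name, "require_tls=%s" % force, "->", audit_smtp_session(log, force))
```

With `require_tls=False` the refused handshake is reported as a fallback rather than a violation, which makes the sessions that silently went out in cleartext easy to count.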