[...]
>The short answer is: put the encryption into the presentation layer of the
>network, that is where it belongs - see any good book on Networking, for
>example A.S.Tanenbaum ... (You are, of course using the OSI Networking
>model :-0) ?
>
>That way all stuff that needs to go to sites which need encryption will
>get encrypted, or will arrive as garbage if one of the partners cannot
>handle encryption, in which case no classified stuff should get there
>anyway. [...]

Lest anyone think this is impractical, at least 3 companies make devices
that will do this for you. (some even do some rudimentary key management!)

(please note, I work for UUNET Technologies, so should you desire one of
these devices please do some legwork of your own to find which is best
for you - don't trust me)

UUNET Technologies makes something they call the "LanGuardian", last I
heard anything about speed it had been seen transferring 1.45Mbps of triple
DES encrypted data sustained for 5 minutes or so. (triple DES for anyone
who doesn't know is Enc(keyC, Dec(keyB, Enc(keyA, data))) for encryption,
the reverse for decryption, and is believed to be unbreakable by anyone
but the NSA, and there is anecdotal evidence that it is either impossible
for them to break, or very hard) Last I knew this box _also_ requires
a router (i.e. it is not an encrypting router, it's an encryption clamp
you hang on one side of your router - however it's been 8 months since
I knew anything about this, so it may have changed). The LanGuardian
does its encryption in hardware.

Morningstar makes a less expensive device that single DESes data at
approximately 56Kbps. This device is an encrypting router, it does the
encryption in software, and is less costly than the LanGuardian. I
believe it can do SLIP and PPP, and can talk to a 56K CSU/DSU.

Both the Morningstar device, and the LanGuardian will transparently
encrypt any IP traffic. The Morningstar device may or may not handle
non-IP traffic. As of 8 months ago the LanGuardian only did IP traffic
(it could be configured to pass non-IP traffic through unharmed, or to
suppress it all).

There is a 3rd company called Paradyne, a former military contractor that
makes some sort of encrypting network device that uses triple DES, but I
know almost nothing about it.

DEC was rumored to make one.

--
Not speaking for UUNET Technologies
(and my words bear no guarantee of accuracy, correctness, or the like.
follow them at your own risk)