
Re: Internet Tunnel Question



ANS has offered something like this for years.  Sun has something similar.
Basically, you wrap each packet in encryption and send it on.  While it
CAN be intercepted, the keys would have to be known.

Three issues:
  Public key encryption costs (in computing) about 100 times more than
shared key encryption (like DES).  In a WAN environment, a shared key
is very feasible.
  The place I used to work was using it (DES) over their WAN between
the UK and US three years ago.

  Two years ago, someone came out with a free PGP based version (SW/IPE
- SoftWare IP Encryption) that could easily be added to most BSD Unix
kernels.  It's free, it worked, there is no support.  Bad choice for a
big business.

  I would imagine that DEC is saying that only they have done it well,
etc, etc, and charging a bunch.

  There is a lot of competition.  The main issue is do you want to use
the Internet as a WAN.  I would say no.  Now, do you want to use an ISP
as a "WAN"?

  Now every ISP's service has plummeted over the last year or two.  I
won't name names of companies I've had BAD experiences with, but
I'm not sure I would count on a WAN over some of them.  I've had ISPs
take no responsibility for problems that I then had to PROVE were their
problem.  Some are good.

  I'm sure someone will disagree with this, but here goes:
I like ANS - I find them to be top quality.  Their service and skills
are outstanding, and you could probably work out some service level
guarantees.  My experiences are from both a Large site and from a
Small site - they have dialed into our router before I knew there's a
problem - and I was actively using the net at the time (someone had
backhoe'd our leased line -small site) and I've had my beeper go off
when I was changing cables and dropped the wire (large site).  They
cost more, but if you can afford them, they're good.

  Bottom line:  Yes DEC has a tool.  So do lots of companies.  Make
sure their competitive actually encrypt the whole packet (rather than
just the header).

chuck                  chuck@yerkes.com
consultant

> Digital recently released a new (?) way of using the public Internet to create
> --or replace--private local or wide area networks. All sensitive data is 
> encrypted with RSA tech, private key/public key cryptography on either end of 
> communication as well as authentication so the parties can accurately identify 
> each other. It's called the Digital Internet Tunnel. 
> 
> Has anyone heard about this kind of system (surely not the first of its kind) 
> and is this safe??
> 
> CJ Prince
> 

