<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: RE: CIPE source code modifications
From: Wolfgang Ocker <weo,AT,web-alm,DOT,net>
Date: Tue, 25 Mar 2003 15:33:53 +0100
In-reply-to: <003701c2f2ba$26513410$d100010a@lyta>

On Tue, 2003-03-25 at 11:34, Mark Smith wrote:
> Damion wrote:
> > Let me know what you guys think about all this. It's a major change in the
> > operation of the cipsrvr.
> I agree it is, and in this case I can see another good reason to switch away
> from using the registry. [...]

I don't agree. The standard location where to store that kind of
information (device configuration) on a Windows system is the registry,
like it or not. The single critical part of information to hide is the
key that can be stored encoded in the registry. A proof of concept is
available.

> In my experience, a good number of end users do
> not have full access to the registry in the first place and do not have
> Administrative access to their own systems as they are managed by an
> external support company.  [...]

If it is an administrative decision, a VPN connection should be set up
by that administrators. If the user is not allowed to change the DNS
server, why should he be allowed to set up a VPN?

> [...] This method of control and access would
> then make it trivially simple to setup a link, both for the first time and
> subsequently.

Did you try Carsten's latest version? It's pretty simple to set up now.
Or do you mean pretty simple with respect to implementation?

> I also strongly recommend that access to your control protocol is limited by
> ACL to enhance the overall security.  This may seem to defeat my above
> statement, but it is the usual method of security under Win32 that
> corresponds to user permissions under Linux and would control who could
> control the link information.  Also, the file containing the link
> information, be it plain text or not, could easily be stored on an NTFS
> drive with a restricted ACL to prevent just anyone from reading it, just
> like CIPE under Linux.

We should not make the things more complicated as necessary. The only
information that must be protected is the key, and this is done best by
encrypting with a passphrase (if you don't want to have some additional
hardware). I see CIPE/windows being used on client machines, primarily
on laptops (with Linux peers, operated as server or gateways). So it is
possible that a user can enter a password when connecting for the first
time during a session. If the user cannot remember the passphrase, he
can save it in a file protected with an ACL :).

> I wanted to say something about version control, and multiple people working
> on the system while it's still in pre-release, but I can't seem to find a
> way to say 'play nice' that doesn't sound (or could be taken as) unfriendly.
> I think it's fair to say that it's a brilliant concept that lots of people
> find useful, and in some circumstances, essential.  [...]

Very good point. I also would like to see CIPE/Windows on Sourceforge's
CVS. Damion?

> So take care all, and stay happy.

:)

Wolfgang





<< | Thread Index | >> ]    [ << | Date Index | >> ]