| To: | "Hans Steegers" <steegers,AT,steegers,DOT,nl> |
| Subject: | Re: What do you guys think about this? |
| From: | "Dick St.Peters" <stpeters,AT,NetHeaven,DOT,com> |
| Date: | Tue, 23 Sep 2003 11:56:23 -0400 |
| Cc: | "CIPE-list" <cipe-l,AT,inka,DOT,de> |
| In-reply-to: | <000401c381c7$70550180$d620a8c0@pcw_hans.hnsasd.priv> |
| References: | <000401c381c7$70550180$d620a8c0@pcw_hans.hnsasd.priv> |
Hans Steegers writes: > 1. CIPE is NOT "Linux's answer to MS-PPTP". CIPE claims to be "a protocol > for ultra lightweight IP encryption". No more, no less. This is the heart of the issue. The problem here is one of lost context. Crypto people are the bank vault designers of the software world; in their context if a door isn't a meter of tempered steel alloy it isn't a secure door. That's fine for bank vaults, but it's more than a little silly for, say, apartment doors. You want an apartment door that doesn't crush the building. A VPN should provide security that's good enough. If you're dealing with state secrets or billions of dollars, CIPE is not good enough. However, if you do business over ordinary phone lines and first class mail, then using CIPE will make your VPN vastly more secure than the rest of your operation, without consuming a lot of resources or making things more complex than necessary. -- Dick St.Peters, stpeters,AT,NetHeaven,DOT,com