Re: SecurID and FreeS/WAN GW

From: Kee Hinckley (nazgul@somewhere.com)
Date: 03/21/02


Date: Wed, 20 Mar 2002 20:14:18 -0500
To: Bennett Todd <bet@rahul.net>
From: Kee Hinckley <nazgul@somewhere.com>

At 6:37 PM -0500 3/20/02, Bennett Todd wrote:
>> >tied to a particular implementation, it could at least in principle
>> >be re-implemented for others, and any client with a web browser and
>> >an IPSec implementation could log in.
>>
>> Sure, but what a royal pain to use.
>
>Sorry? It'd be possible with any web browser and a standard IP
>stack, as opposed to impossible without a specific, proprietary,
>vendor client.

Quite true. But that has nothing to do with ease of use.

>And if you had some specific behaviour you wanted --- e.g. a
>commandline or gui that prompted for the username and auth
>credentials, then fired them off at the server and started up IPSEC,
>it'd be easy to script in any reasonable language; all the
>interactions are at least standardized.

Yes, but if something goes wrong, debugging it is not fun. You have
to worry about firewalls, proxy servers and many other things. At
some large companies external web access isn't allowed for all users;
those users wouldn't be able to use the VPN. All in all it sounds
like a hack. Far better to simply propose an extension to the
standard and get it approved. In the meantime, from an
administrative standpoint, I'd rather deal with an integrated,
proprietary vendor solution than try and debug something using
multiple protocols.

>As for "something I know, something I have and something I am", I
>assume by that last you mean biometrics; I certainly wouldn't call
>that a "standard security piece" in any forum outside of biometrics
>salescritter conventions, and of course movie scriptwriting.

It's not standard in the sense that it is commonly used. However,
those three are commonly given as the set of secure methods, and any
extension should look to addressing them all.

-- 

Kee Hinckley - Somewhere.Com, LLC http://consulting.somewhere.com/ nazgul@somewhere.com

I'm not sure which upsets me more: that people are so unwilling to accept responsibility for their own actions, or that they are so eager to regulate everyone else's.


