[Sussex] VPN attitudes

Nic James Ferrier nferrier at tapsellferrier.co.uk
Tue Aug 29 14:27:36 UTC 2006


Steven Dobson <steve at dobson.org> writes:

>> In that example one machine is the client and the other is the
>> server. The client has a private key and sends its public pair to the
>> server. The server does not know the client's private key.
>
> There are several handshakes between client and server to establish a
> session key that is then used to encrypt that session.  I can't remember
> it off the top of my head, but it is done in such a way that someone
> snooping can't find out the session key.

Or the client's private key because the calculation works only one
way. So the private key is always controlled by you.


>> Note that if I provide a service to you and the Government wants to
>> snoop on it, it doesn't need VPN keys. It can just demand that I send
>> them a copy of the traffic arriving on the VPN end point.
>
> Which is my point.  Unless I control both ends, which includes the keys,
> of both client and server, then the VPN cannot be guaranteed private.

But it's got nothing to do with the keys, Steve. The keys are
irrelevant. If I gave you a piece of wire that connected you directly
to me, I could provide the Government with the data that comes into
me from you.

With a VPN you either provide your public key or you grant access
based on someone else's public key.

But none of that is relevant to the snooping situation. As soon as you
have a circuit between two parties there is a risk that the other
party might snoop on your data without you knowing.

-- 
Nic Ferrier
http://www.tapsellferrier.co.uk   for all your tapsell ferrier needs