[Sussex] VPN attitudes

Nic James Ferrier nferrier at tapsellferrier.co.uk
Tue Aug 29 13:47:41 UTC 2006


Steven Dobson <steve at dobson.org> writes:

> Isn't the whole point of a VPN that it is private - that is what the 'P'
> stands for after all.  If you (or your company) are providing the VPN
> then it can't be private as you are involved in setting it up and
> therefore know the keys.
>
> For example:  Let's just say that I use our VPN between my laptop and
> home when I am out in the field.  If the government came to you and
> (with all the correct paper work signed by a judge) asked for the keys
> you would, of course, hand them over.  However, if I was in total
> control then the government would have to come to me and ask me for the
> keys.  I would then know I was under investigation.

It depends which way you establish the tunnel. 

A simple Linux-based VPN can be done with SSH and PPP. You run PPP
with an SSH command to connect from one machine to another. The PPP
protocol can then be used to establish a network over the tty
that SSH provides.

In that example one machine is the client and the other is the
server. The client has a private key and sends its public pair to the
server. The server does not know the client's private key.

I think this is the same for any asymmetric crypto VPN.


Note that if I provide a service to you and the Government wants to
snoop on it, it doesn't need VPN keys. It can just demand that I send
them a copy of the traffic arriving on the VPN end point.


-- 
Nic Ferrier
http://www.tapsellferrier.co.uk   for all your tapsell ferrier needs
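
The SSH and PPP setup described in the message above, as an added example that is not part of the original post: the keypair is generated on the client and only the public half is handed to the server. The host name, account, key path and tunnel addresses are assumptions, as is a server account allowed to run pppd through sudo.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed values: the server
# account, key path and tunnel addresses below, and a server account that
# may run pppd through sudo.
KEY="${KEY:-$HOME/.ssh/vpn_ed25519}"
SERVER="${SERVER:-vpnuser@vpn.example.org}"
LOCAL_IP="${LOCAL_IP:-10.0.0.1}"
REMOTE_IP="${REMOTE_IP:-10.0.0.2}"
REMOTE_PPPD="sudo pppd nodetach notty noauth"

# Create the keypair on the client. The private half stays in $KEY and is
# never copied anywhere. The empty passphrase is an assumption made for an
# unattended tunnel; with a passphrase, load the key into ssh-agent instead.
make_client_key() {
    [ -f "$KEY" ] || ssh-keygen -q -t ed25519 -N '' -f "$KEY"
}

# The only material the server operator receives: one authorized_keys line
# holding the public key, restricted so the key can do nothing but start
# the far end of the PPP link.
server_authorized_keys_line() {
    printf 'command="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$REMOTE_PPPD" "$(cat "$KEY.pub")"
}

# The ssh command the local pppd runs on its pty. The remote pppd talks PPP
# over ssh's stdin/stdout (notty), so PPP frames travel inside the SSH session.
pty_script() {
    printf 'ssh -i %s -o BatchMode=yes %s %s\n' "$KEY" "$SERVER" "$REMOTE_PPPD"
}

case "${1:-}" in
    # Run once on the client, then append the printed line to
    # ~/.ssh/authorized_keys of the account on the server.
    keygen) make_client_key && server_authorized_keys_line ;;
    # Run as root on the client to bring the link up.
    up)     pppd updetach noauth pty "$(pty_script)" "$LOCAL_IP:$REMOTE_IP" ;;
esac
```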