[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] SSL VPNs and security

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] SSL VPNs and security
From: Michael Holstein <michael.holstein@xxxxxxxxxxx>
Date: Fri, 09 Jun 2006 11:35:42 -0400

SSL certificates are free.  You just have to have enough knowledge to
distribute your own CA certificate.  For a VPN appliance, this should
not be a problem at all, since only your trusted users should be
accessing it. Even if you aren't competent enough to figure out how to
distribute your own CA certificate, I believe there are such things as
wildcard certificates.

Great .. setup a SSL vpn, then tell your users it's okay to click "yes"on the "untrusted certificate" popup.

Sure, it's trivial to create self-signed certs (or run a CA), butdistributing your cert (or the CA cert) to all but a handful of clientsis a logistical nightmare.

If you're going to be installing stuff, might as well make that aIKE/IPSEC client and do it the right way to begin with.


/mike.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] SSL VPNs and security
  - From: Tim

References:
- [Full-disclosure] SSL VPNs and security
  - From: Michal Zalewski
- Re: [Full-disclosure] SSL VPNs and security
  - From: Tim
- Re: [Full-disclosure] SSL VPNs and security
  - From: Michael Holstein
- Re: [Full-disclosure] SSL VPNs and security
  - From: Tim

Prev by Date: [Full-disclosure] [ GLSA 200606-07 ] Vixie Cron: Privilege Escalation
Next by Date: Re: [Full-disclosure] Re: blocking tor is not the right way forward. It may just be the right way backward.
Previous by thread: Re: [Full-disclosure] SSL VPNs and security
Next by thread: Re: [Full-disclosure] SSL VPNs and security
Index(es):
- Date
- Thread