Firewalls: Re: Firewall-to-Firewall Encryption

Firewalls
(March 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Firewall-to-Firewall Encryption
From:	"Marcus J. Ranum" <mjr @ tis . com>
Organization:	Trusted Information Systems, Inc. Glenwood, MD
Date:	Wed, 1 Mar 1995 11:11:22 -0500 (EST)
To:	william . wells @ damark . com (william.wells)
Cc:	firewalls @ GreatCircle . COM
Coredump:	Infocalypse Now!!!
In-reply-to:	<9503011507 . AA11103 @ damark . com> from "william.wells" at Mar 1, 95 09:08:00 am
Phone:	301-854-6889

william.wells writes:
>Careful here.  In my conversations with various vendors, it is not certain
>that firewall-to-firewall encryption, as currently designed, will work
>between different vendors of firewalls.

	There are 2 issues here. One is key management and the other
is protocol and encryption algorithms. I suspect that most vendors
who are doing firewall to firewall crypto are basing their work on
the draft standards IETF is working towards. So, any standard-track
firewall crypto should interoperate just fine. The other guys will
lose. :)
	Key management is another problem, but as long as you can
exchange keys in a manner that lets your firewalls interoperate
using a standard packet format then you're OK.

mjr.

References:

Re: Firewall-to-Firewall Encryption
From: "william.wells" <william . wells @ damark . com>

Indexed By Date	Previous:	Re: Firewall-to-Firewall Encryption From: mckenney @ smiley . mitre . org (Brian W. McKenney)
Indexed By Date	Next:	Re: Firewall-to-Firewall Encryption From: Larry Chin <Larry_Chin @ ca . cch . com>
Indexed By Thread	Previous:	Re: Firewall-to-Firewall Encryption From: "william.wells" <william . wells @ damark . com>
Indexed By Thread	Next:	Re: Firewall-to-Firewall Encryption From: mckenney @ smiley . mitre . org (Brian W. McKenney)