>From the desk of Padgett:
>Frank writes:
>>Actually, the key management problem was solved by V-ONE a couple of years
>>ago. (V-ONE is a firewall vendor).
>
>>After the host & the firewall have mutually authenticated themselves to each
>>other (to prevent node spoofing), the entire session is encrypted - with each
>>session having a *different* (unique) encryption key.
>
>Sounds wonderful but pray tell *how* do they authenticate each other ? Out-of-channel ?
>Nice thing about the Netscape reversal of the traditional
>mechanism is that a secure channel is created *before* any trust is exchanged.
>Given that, traditional means of authentication are possible without worry
>of sniffing. Spoofing yes, but not sniffing and us aunchient mainframers know
>how to handle spoofing 8*).
Would it suffice to say that it was good enough for NSA - and that it is the
*only* Internet firewall used in a NSA-approved configuration? In a public
forum, this is probably all I can say.
> Warmly,
> Padgett
>
>ps had an interesting conversation with the NSA today in which I was told that
> it is OK to explain why the right side of a KW-26 card case has all them
> little dents - of course you will have to be shot afterwards...
You might also ask your contacts at the Puzzle Palace about how V-ONE does
mutual authentication.
Best Regards,
Frank