Follow up to ATM and VPN's

[Tina Bird]

List moderator here:

There are a >lot< of different definitions of "VPN"
out there.  However, please remember the list charter --
what we're talking about here is a private network
built on >any< public infrastructure (Internet, private
IP, ATM, frame, phone lines) that uses encryption,
strong authentication of end points (hosts or users),
and data verification (packet integrity checks, etc)
to secure the data and networks participating in the
system.

Paul's paper is very good, but is a little more
focussed on encapsulation technologies than the security
aspects.

cheers -- Tina Bird

On Thu, 6 Apr 2000, Paul Cardon wrote:

> Date: Thu, 6 Apr 2000 00:10:35 -0400
> From: Paul Cardon <paul at MOQUIJO.COM>
> To: VPN at SECURITYFOCUS.COM
> Subject: Re: Follow up to ATM and VPN's
>
> "Fullerton, Glenn" wrote:
> > VPN is by definition has encryption associated with it.  So people use VPN
> > to equal some level of encryption.  Same as users equate a Xerox machine for
> > a photocopier.
>
> quibble mode on
>
> Just like Kleenex and Xerox it does appear to be the common usage.  The
> proportion of people who immediately think "encryption" when they hear
> "VPN" is certainly increasing, especially when talking about Internet
> VPNs, but a VPN does not include encryption by definition.  I admit that
> in most environments, encryption is necessary for a VPN to meet
> deployment requirements.  However, I have been involved in deployments
> that don't use encryption but still meet definitions of virtual and
> private.
>
> See http://www.employees.org/~ferguson/vpn.pdf
>
> quibble mode off
>
> -paul
>
> VPN is sponsored by SecurityFocus.COM
>

"Doubt is an uncomfortable situation, but certainty is an
absurd one." -- Voltaire

VPN is sponsored by SecurityFocus.COM