[14620] in cryptography@c2.net mail archive
Re: Open Source (was Simple SSL/TLS - Some Questions)
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Sun Oct 12 17:07:43 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com
From: "Perry E. Metzger" <perry@piermont.com>
Date: 12 Oct 2003 16:57:20 -0400
[Moderator's note: Forwarded anonymously at the sender's request, so
if you reply to this, please cut my name out of it, it isn't my
message --Perry]
----------------------------------------------------------------------
Perry, please forward anonymously.
On Friday, Oct 10, 2003, at 22:48 America/Chicago, David Honig wrote:
> At 12:08 AM 10/10/03 +0800, Ng Pheng Siong wrote:
>> I believe SSL VPNs are easier than IPsec to deploy
>
> For the former, you give a password or two --maybe
> reuse a POP3 that your users already have-- and all your
> users get in fairly securely, and you can verify them.
Ugh.
Taking a page from the IETF playbook, I ran dsniff as a background task
at a recent business meeting. I captured hundreds of assorted
passwords. About half were POP passwords.
----------------------------------------------------------------------
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
