Complete.Org: Mailing Lists: Archives: discussion: April 2002:
[aclug-L] Re: Encrypted/compressed network traffic

To: <discussion@xxxxxxxxx>
Subject: [aclug-L] Re: Encrypted/compressed network traffic
From: "Dale W Hodge" <dwh@xxxxxxxxxxxxxxxx>
Date: Thu, 4 Apr 2002 13:27:55 -0600
Reply-to: discussion@xxxxxxxxx

> -----Original Message-----
> From: discussion-bounce@xxxxxxxxx [mailto:discussion-bounce@xxxxxxxxx]On
> Behalf Of Jonathan Hall
>
>
> Here's a real general question that may have a rather complex answer.
>
> Given an ethernet segment containing three Linux machines, is there any
> way to encrypt (and possibly compress) all traffic sent to the ethernet
> segment, aside from building tunnels between all 3 machines?
>
> Thanks for any input anyone may have :)

Perhaps SKIP or IPv6?

3.2.5. Encrypting Individual IP Packets (SKIP)

Instead of exchanging a session key, as we might do via Kerberos for a telnet
session, we could choose to encrypt all IP packets, all the time, at the IP
level. Naturally, we must encrypt them in a way that the destination can
successfully decrypt them. There is a special key-distribution scheme designed
for packet-level encryption called the Simple Key-Management for Internet
Protocols (SKIP). SKIP assumes that each site in the network has a public key,
which can be used to create many keys between two sites. The basic idea of the
algorithm is to encapsulate the packet-key (the key to decrypt that packet)
inside the packet, and encrypt that with the shared secret between the two sites.
The SKIP technique also provides an easy method of changing the shared secret
between two sites [Aziz, Patterson96]. Since this method is not session-based,
it can cover all aspects of TCP/IP communication, not merely applications.

http://www.skip.org/


--dwh

---
Dale W Hodge - dwh@xxxxxxxxxxxxxxxx
Vice Chairman & Secretary - info@xxxxxxxxx
Air Capital Linux User's Group  (ACLUG)
---




-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
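
The packet-key scheme described in the quoted SKIP section, as an added example that is not part of the original message and is not code from any SKIP implementation. Assumptions: a toy Diffie-Hellman group for the site public keys, an HMAC-SHA256 keystream standing in for the real ciphers, a rotation counter n, and the names keypair, master_key, seal and unseal.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group (assumption for this demo, far too weak for real use).
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)          # (private, published public value)

def master_key(my_priv, peer_pub, n):
    """Pairwise secret from the two public keys, mixed with counter n (assumed) to rotate it."""
    kij = pow(peer_pub, my_priv, P).to_bytes(32, "big")
    return hashlib.sha256(kij + n.to_bytes(4, "big")).digest()

def _stream(key, label, length):
    """Stand-in stream cipher: HMAC-SHA256 in counter mode."""
    blocks = (hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(my_priv, peer_pub, n, payload):
    """Encrypt one packet: fresh packet key, wrapped under the pairwise secret."""
    nonce, kp = secrets.token_bytes(16), secrets.token_bytes(32)
    wrapped = _xor(kp, _stream(master_key(my_priv, peer_pub, n), b"wrap" + nonce, 32))
    header = n.to_bytes(4, "big") + nonce + wrapped   # packet key travels in the packet
    body = _xor(payload, _stream(kp, b"data" + nonce, len(payload)))
    return header + body + hmac.new(kp, header + body, hashlib.sha256).digest()

def unseal(my_priv, peer_pub, packet):
    """Recover the packet key from the header, authenticate, then decrypt."""
    if len(packet) < 84:                  # 52-byte header + 32-byte tag
        raise ValueError("packet too short")
    header, body, tag = packet[:52], packet[52:-32], packet[-32:]
    n, nonce, wrapped = int.from_bytes(header[:4], "big"), header[4:20], header[20:]
    kp = _xor(wrapped, _stream(master_key(my_priv, peer_pub, n), b"wrap" + nonce, 32))
    if not hmac.compare_digest(tag, hmac.new(kp, header + body, hashlib.sha256).digest()):
        raise ValueError("packet failed authentication")
    return _xor(body, _stream(kp, b"data" + nonce, len(body)))

if __name__ == "__main__":
    a, b, c = keypair(), keypair(), keypair()   # three hosts on one segment (constructed)
    pkt = seal(a[0], b[1], 1, b"hello from A")  # no session setup with B beforehand
    print(unseal(b[0], a[1], pkt))
```

Each host needs only the other hosts' published public values, so three machines on one segment can exchange encrypted packets pairwise without negotiating a session or tunnel first.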

