|
|
04-08-2009
Registered User
26,240,
27
Diagramming a Secure Connection
I was listening to a recent Security Now podcast that reviewed some important cryptography concepts, when Mr. Gibson made an interesting point: "let's assume that we have control of each end, but we have no control at all of the link between, i.e., the Internet. So that means that our communication is subject to having bits dropped, bits added, bits changed, and even bits replayed, things, packets replayed." This made me think about how we describe these type of connections, visually.
The picture commonly drawn on a white board to describe a secure channel over the Internet (and I am guilty of doing this also) is usually similar to drawing a sheathed wire: the traffic on the inside, the protective shield of encryption on the outside. The outside layer protects the inside layer, a.k.a. "crunchy on the outside, chewy on the inside."
But perhaps we should focus on just the endpoints when diagramming a secure connection (VPN, SSH, etc.) We don't have any control over what is done to the traffic between the two parties, so why not draw this connection as just a single line? Diagramming it as something akin to a tunnel or coaxial cable may confuse the issue.
More...
The picture commonly drawn on a white board to describe a secure channel over the Internet (and I am guilty of doing this also) is usually similar to drawing a sheathed wire: the traffic on the inside, the protective shield of encryption on the outside. The outside layer protects the inside layer, a.k.a. "crunchy on the outside, chewy on the inside."
But perhaps we should focus on just the endpoints when diagramming a secure connection (VPN, SSH, etc.) We don't have any control over what is done to the traffic between the two parties, so why not draw this connection as just a single line? Diagramming it as something akin to a tunnel or coaxial cable may confuse the issue.
More...