* New target
@ 2006-02-13 16:16 Gervasio Bernal
2006-02-13 16:36 ` Rennie deGraaf
0 siblings, 1 reply; 7+ messages in thread
From: Gervasio Bernal @ 2006-02-13 16:16 UTC (permalink / raw)
To: netfilter-devel
Hi all!!!
I have developed a new target for iptables that encrypts a
communication. I would like to send it so that you can see it and prove
it. And the possibility that in a future adding it to iptables.
Which are the steps to follow?
Thanks a lot!
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: New target
2006-02-13 16:16 New target Gervasio Bernal
@ 2006-02-13 16:36 ` Rennie deGraaf
[not found] ` <43F0CE59.5040201@speedy.com.ar>
0 siblings, 1 reply; 7+ messages in thread
From: Rennie deGraaf @ 2006-02-13 16:36 UTC (permalink / raw)
To: Gervasio Bernal; +Cc: netfilter-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gervasio Bernal wrote:
> Hi all!!!
>
> I have developed a new target for iptables that encrypts a
> communication. I would like to send it so that you can see it and prove
> it. And the possibility that in a future adding it to iptables.
> Which are the steps to follow?
> Thanks a lot!
Our of curiosity, what advantages does your method have over IPSec?
Rennie
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFD8LWWIvU5mZP08HERAhCmAJ4nHIwCus/bVLBFPpDyiDnQecm3SACaAhyq
SEWkeJUjGl1DCtGDOzd4i1M=
=k8wy
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: New target
[not found] ` <43F0CE59.5040201@speedy.com.ar>
@ 2006-02-14 0:48 ` Rennie deGraaf
2006-02-14 0:52 ` Allen Francom
2006-02-14 22:36 ` Gervasio Bernal
0 siblings, 2 replies; 7+ messages in thread
From: Rennie deGraaf @ 2006-02-14 0:48 UTC (permalink / raw)
To: Gervasio Bernal; +Cc: netfilter-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gervasio Bernal wrote:
> Rennie deGraaf wrote:
>
>>Gervasio Bernal wrote:
>>
>>
>>>>Hi all!!!
>>>>
>>>>I have developed a new target for iptables that encrypts a
>>>>communication. I would like to send it so that you can see it and prove
>>>>it. And the possibility that in a future adding it to iptables.
>>>>Which are the steps to follow?
>>>>Thanks a lot!
>>
>>
>>Our of curiosity, what advantages does your method have over IPSec?
>>
>>Rennie
>
>
> The great advantage is the ease of use. You only need to put 2 iptables
> rules in each endpoint of communication. One rule for encryption and the
> other for decryption. IPSec is a little more complicated to configure.
Well, I'd be interested in taking a look at your design. How about
posting your design and source somewhere so that we can take a look at it?
Rennie
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFD8Sj7IvU5mZP08HERApcYAJ4pOmVyYQJRdI7fuj2PSgjUjF4C2wCeNwie
kOW7cV2dIM3st6SQnsM09G8=
=6K7k
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: New target
2006-02-14 0:48 ` Rennie deGraaf
@ 2006-02-14 0:52 ` Allen Francom
2006-02-14 22:37 ` Gervasio Bernal
2006-02-17 3:28 ` Michael Richardson
2006-02-14 22:36 ` Gervasio Bernal
1 sibling, 2 replies; 7+ messages in thread
From: Allen Francom @ 2006-02-14 0:52 UTC (permalink / raw)
To: Rennie deGraaf; +Cc: Gervasio Bernal, netfilter-devel
Also,
With IPSec, can you "require" any communication from
a.com to b.com to be encrypted ?
IPTables might be able to enforce a requirement for
encrypted communications.
Just a thought...
FYI
-AEF
On Mon, 13 Feb 2006, Rennie deGraaf wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Gervasio Bernal wrote:
>> Rennie deGraaf wrote:
>>
>>> Gervasio Bernal wrote:
>>>
>>>
>>>>> Hi all!!!
>>>>>
>>>>> I have developed a new target for iptables that encrypts a
>>>>> communication. I would like to send it so that you can see it and prove
>>>>> it. And the possibility that in a future adding it to iptables.
>>>>> Which are the steps to follow?
>>>>> Thanks a lot!
>>>
>>>
>>> Our of curiosity, what advantages does your method have over IPSec?
>>>
>>> Rennie
>>
>>
>> The great advantage is the ease of use. You only need to put 2 iptables
>> rules in each endpoint of communication. One rule for encryption and the
>> other for decryption. IPSec is a little more complicated to configure.
>
> Well, I'd be interested in taking a look at your design. How about
> posting your design and source somewhere so that we can take a look at it?
>
> Rennie
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
>
> iD8DBQFD8Sj7IvU5mZP08HERApcYAJ4pOmVyYQJRdI7fuj2PSgjUjF4C2wCeNwie
> kOW7cV2dIM3st6SQnsM09G8=
> =6K7k
> -----END PGP SIGNATURE-----
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: New target
2006-02-14 0:48 ` Rennie deGraaf
2006-02-14 0:52 ` Allen Francom
@ 2006-02-14 22:36 ` Gervasio Bernal
1 sibling, 0 replies; 7+ messages in thread
From: Gervasio Bernal @ 2006-02-14 22:36 UTC (permalink / raw)
To: netfilter-devel
Rennie deGraaf wrote:
> Gervasio Bernal wrote:
>
>>>Rennie deGraaf wrote:
>>>
>>>
>>>>Gervasio Bernal wrote:
>>>>
>>>>
>>>>
>>>>>>Hi all!!!
>>>>>>
>>>>>>I have developed a new target for iptables that encrypts a
>>>>>>communication. I would like to send it so that you can see it and prove
>>>>>>it. And the possibility that in a future adding it to iptables.
>>>>>>Which are the steps to follow?
>>>>>>Thanks a lot!
>>>>
>>>>
>>>>Our of curiosity, what advantages does your method have over IPSec?
>>>>
>>>>Rennie
>>>
>>>
>>>The great advantage is the ease of use. You only need to put 2 iptables
>>>rules in each endpoint of communication. One rule for encryption and the
>>>other for decryption. IPSec is a little more complicated to configure.
>
>
> Well, I'd be interested in taking a look at your design. How about
> posting your design and source somewhere so that we can take a look at it?
>
> Rennie
Yes, of course. I have no problem. Let me fix some bugs and I post the
sources.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: New target
2006-02-14 0:52 ` Allen Francom
@ 2006-02-14 22:37 ` Gervasio Bernal
2006-02-17 3:28 ` Michael Richardson
1 sibling, 0 replies; 7+ messages in thread
From: Gervasio Bernal @ 2006-02-14 22:37 UTC (permalink / raw)
To: netfilter-devel
Allen Francom wrote:
>
>
> Also,
>
> With IPSec, can you "require" any communication from
> a.com to b.com to be encrypted ?
>
> IPTables might be able to enforce a requirement for
> encrypted communications.
>
> Just a thought...
>
> FYI
> -AEF
>
>
> On Mon, 13 Feb 2006, Rennie deGraaf wrote:
>
> Gervasio Bernal wrote:
>
>>>> Rennie deGraaf wrote:
>>>>
>>>>> Gervasio Bernal wrote:
>>>>>
>>>>>
>>>>>>> Hi all!!!
>>>>>>>
>>>>>>> I have developed a new target for iptables that encrypts a
>>>>>>> communication. I would like to send it so that you can see it and
>>>>>>> prove
>>>>>>> it. And the possibility that in a future adding it to iptables.
>>>>>>> Which are the steps to follow?
>>>>>>> Thanks a lot!
>>>>>
>>>>>
>>>>>
>>>>> Our of curiosity, what advantages does your method have over IPSec?
>>>>>
>>>>> Rennie
>>>>
>>>>
>>>>
>>>> The great advantage is the ease of use. You only need to put 2 iptables
>>>> rules in each endpoint of communication. One rule for encryption and the
>>>> other for decryption. IPSec is a little more complicated to configure.
>
>
> Well, I'd be interested in taking a look at your design. How about
> posting your design and source somewhere so that we can take a look at
> it?
>
> Rennie
>>
You are right Allen, that is another interesting difference.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: New target
2006-02-14 0:52 ` Allen Francom
2006-02-14 22:37 ` Gervasio Bernal
@ 2006-02-17 3:28 ` Michael Richardson
1 sibling, 0 replies; 7+ messages in thread
From: Michael Richardson @ 2006-02-17 3:28 UTC (permalink / raw)
To: Allen Francom; +Cc: Gervasio Bernal, netfilter-devel, Rennie deGraaf
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "Allen" == Allen Francom <aef@prismnet.com> writes:
Allen> Also,
Allen> With IPSec, can you "require" any communication from a.com to
Allen> b.com to be encrypted ?
Yes.
Have you read the specifications?
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Finger me for keys
iQEVAwUBQ/VC34CLcPvd0N1lAQLr9wgAwmyjkkgyduwXsaQxOUD30LFfA4Eex7K3
aN/xotH3blwNXeAPkUPNq12GDk/q3uw4VMRg4o+GWiAVMxuDz2wA7qg5wfa5PO4P
RexqXeqb+FO923L0UKweffmNT3Zyw2MJuybLdqKaGmSTr3pbM/ihElnlRAOBWn0L
0X/doW1ebwvWCM0dCYTLm6/WEpc1cnSQQaxGMdU9Nyz90hxifFUvNf2KzUWjRUAn
0OpCK6eD0DBgnynsuOOwwVneXDiNySD1cH1XWRFPLUShuEldUnOtcwBZvsYsQJ/j
ftqRwMDrsqdOJ/IAXfQ7JKDtl4VqHq3OTBiXxpNgIwlnBqLVbS8WDg==
=ZGQN
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2006-02-17 3:28 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-02-13 16:16 New target Gervasio Bernal
2006-02-13 16:36 ` Rennie deGraaf
[not found] ` <43F0CE59.5040201@speedy.com.ar>
2006-02-14 0:48 ` Rennie deGraaf
2006-02-14 0:52 ` Allen Francom
2006-02-14 22:37 ` Gervasio Bernal
2006-02-17 3:28 ` Michael Richardson
2006-02-14 22:36 ` Gervasio Bernal
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.