From owner-freebsd-security  Fri May 31  2:43: 3 2002
Delivered-To: freebsd-security@freebsd.org
Received: from walter.dfmm.org (walter.dfmm.org [209.151.233.240])
	by hub.freebsd.org (Postfix) with ESMTP id 9FACD37B401
	for <freebsd-security@freebsd.org>; Fri, 31 May 2002 02:42:56 -0700 (PDT)
Received: (qmail 44962 invoked by uid 1000); 31 May 2002 09:42:50 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 31 May 2002 09:42:50 -0000
Date: Fri, 31 May 2002 02:42:49 -0700 (PDT)
From: Jason Stone <jason@shalott.net>
X-X-Sender:  <jason@walter>
To: =?iso-8859-1?Q?=D8ystein_Andreassen?= <oystein.andreassen@systec.no>
Cc: 'Joshua Coombs' <jcoombs@gwi.net>,
	"FreeBSD Secuity (E-mail)" <freebsd-security@freebsd.org>
Subject: RE: Ethernet layer 2 or 1 encryption
In-Reply-To: <E0B92A48AF8CD31185EA0008C778E0910E156A@skywalker.systec.no>
Message-ID: <20020531023040.K86736-100000@walter>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> What about fiber? It's not encrypted, I know, but is's not possible to
> eavsdrop ither (I think:)...

Actually, you can, in fact sniff fibre.  Additionally, if you have
physical access anyway, you can be a literal man-in-the-middle, bridging
all traffic and keeping a copy for yourself.

You could probably do something with the tun(4) device.  And there's
probablly some l2tp software in ports/net that would fit your needs (tund,
vtun).  l2tp would have higher latency and overhead then just encrypting
ethernet payloads, but it has the advantage of being already available.


 -Jason

 -----------------------------------------------------------------------
 I worry about my child and the Internet all the time, even though she's
 too young to have logged on yet.  Here's what I worry about.  I worry
 that 10 or 15 years from now, she will come to me and say "Daddy, where
 were you when they took freedom of the press away from the Internet?"
	-- Mike Godwin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE890WaswXMWWtptckRAiPbAKDABp8cdDODFlyQq7Z7K13bvsvDoACgqk6E
Qu4UmqGSe+AP1SJroLBvfl8=
=C0gU
-----END PGP SIGNATURE-----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message