From: "Dan Mahoney, System Admin" (envelope-from danm@prime.gushi.org)
To: Ted Mittelstaedt
Cc: questions@freebsd.org
Date: Thu, 18 Jan 2007 03:06:25 -0500 (EST)
Subject: Re: Transport Mode IPSEC
Message-ID: <20070118030358.S55095@prime.gushi.org>
In-Reply-To: <005701c73ad3$1e433560$3c01a8c0@coolf89ea26645>
References: <20070118022306.Q26349@prime.gushi.org> <005701c73ad3$1e433560$3c01a8c0@coolf89ea26645>

On Wed, 17 Jan 2007, Ted Mittelstaedt wrote:

> Dan,
>
> You do realize that since both of these hosts are on a switch, and are
> using unicast traffic to communicate with each other, they cannot be
> sniffed, don't you?

That implies trust of the switch, trust against ARP-cache poisoning, and the like. The idea of IPsec is not trusting the wire.

With NIS/NFS known for being this inherently secure, would it get me a better answer if I said "with only a single router between them"?

-Dan

-- 
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
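An added example, not part of either Dan's or Ted's messages, of what "not trusting the wire" looks like in practice on FreeBSD: a setkey(8) policy file that requires ESP in transport mode for all traffic between the two hosts, so that anyone who can get between them on the switch (ARP-cache poisoning, a compromised switch, the "single router between them") sees only ciphertext and cannot inject cleartext either. The addresses 192.0.2.10 and 192.0.2.20, the SPIs, the interface name and the keys are placeholders made up for this example; the kernel on both hosts must be built with IPsec support, and on a real system the SAs should be negotiated by an IKE daemon (racoon at the time of this thread) rather than keyed by hand.

```conf
# /etc/ipsec.conf for setkey(8); load with: setkey -f /etc/ipsec.conf
# Added example, not from the original thread. Assumed hosts:
#   this host (NFS/NIS client): 192.0.2.10
#   NFS/NIS server:            192.0.2.20
# On the server, swap the -P out and -P in policies; the add lines are
# identical on both sides.

# Start from a clean state: drop existing SAs and policies.
flush;
spdflush;

# Security policy: every packet (any protocol, any port) between the two
# hosts must be ESP-protected in transport mode. "require" means the stack
# refuses to send cleartext to the peer and drops cleartext arriving from it,
# so an attacker who poisons the ARP cache gets ciphertext and nothing else.
# The weak setting to avoid here is "use", which silently falls back to
# cleartext when no SA exists.
spdadd 192.0.2.10 192.0.2.20 any -P out ipsec esp/transport//require;
spdadd 192.0.2.20 192.0.2.10 any -P in ipsec esp/transport//require;

# Manually keyed SAs, one per direction, for a lab test only. The AES-128
# (rijndael-cbc, 32 hex digits) and HMAC-SHA1 (40 hex digits) keys below are
# placeholders; generate real ones with "openssl rand -hex 16" and
# "openssl rand -hex 20", keep this file mode 0600, or better, let racoon
# negotiate the SAs and delete these lines entirely.
add 192.0.2.10 192.0.2.20 esp 0x10001 -m transport
    -E rijndael-cbc 0x00112233445566778899aabbccddeeff
    -A hmac-sha1 0x0123456789abcdef0123456789abcdef01234567;
add 192.0.2.20 192.0.2.10 esp 0x10002 -m transport
    -E rijndael-cbc 0xffeeddccbbaa99887766554433221100
    -A hmac-sha1 0x76543210fedcba9876543210fedcba9876543210;
```

After loading the file on both hosts, check that the policies and SAs are really in place with "setkey -DP" and "setkey -D", then confirm on the wire: "tcpdump -n -i em0 host 192.0.2.20" (em0 is an assumed interface name) should show only ESP packets for the NFS/NIS traffic, never NFS or portmap in the clear. If the SAs are missing or mismatched, the "require" policy drops the traffic instead of sending it unprotected, which is exactly the failure mode you want when the switch is not trusted.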