From owner-freebsd-questions Fri Nov 27 22:13:51 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA08446 for freebsd-questions-outgoing; Fri, 27 Nov 1998 22:13:51 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from lux.tenebras.com (dnai-207-181-255-122.dialup.dnai.com [207.181.255.122]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA08441 for ; Fri, 27 Nov 1998 22:13:50 -0800 (PST) (envelope-from kudzu@dnai.com)
Received: from dnai.com (windoze.tenebras.com [192.168.100.122]) by lux.tenebras.com (8.8.8/8.8.5) with ESMTP id WAA00317; Fri, 27 Nov 1998 22:12:59 -0800 (PST)
Message-ID: <365F9468.44400B3C@dnai.com>
Date: Fri, 27 Nov 1998 22:12:56 -0800
From: Michael Sierchio
Reply-To: kudzu@dnai.com
Organization: Oversized Metaphysics
X-Mailer: Mozilla 4.5 [en] (Win95; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Jim Flowers
CC: skip-info@skip.org, freebsd-questions@FreeBSD.ORG
Subject: Re: SKIP Headscratcher - The Solution
References: <00a801be1a88$4d302d70$848266ce@crocus.ezo.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Jim Flowers wrote:

> Another thing I discovered, to my cost, is that CDP to set up tunnels between
> networks can be a problem unless you first put the far-end skiphost into the
> tunnel. This can be done quite easily by swapping "skiplocal export"
> scripts via some secure means.

It doesn't have to be secure in the sense of secret -- just that you
are protected against spoofing. The MKID, which is the MD5 hash of the
*public* DH value, isn't secret -- you can even email these without
encryption as long as the message is signed. Or, even more low tech,
you can call me on the phone to verify...
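
The point made in the reply above (the key identifier needs authenticity, not secrecy), as an added example that is not part of the original message and is not SKIP's own code: a public DH value arrives over an untrusted channel and is accepted only if its MD5 hash matches a fingerprint confirmed by phone. Assumptions: the function names are hypothetical, the value is hashed as a minimal big-endian byte string (the real SKIP encoding may differ), and the small group and the exponents are constructed sample values.

```python
import hashlib
import hmac

def key_id(public_value: int) -> bytes:
    """MD5 over the public DH value, as the message describes the MKID.
    Assumption: minimal big-endian encoding of the integer."""
    if public_value <= 1:
        raise ValueError("not a usable DH public value")
    raw = public_value.to_bytes((public_value.bit_length() + 7) // 8, "big")
    return hashlib.md5(raw).digest()

def spoken_form(digest: bytes) -> str:
    """Hex digest in groups of four, convenient to read out over the phone."""
    h = digest.hex()
    return " ".join(h[i:i + 4] for i in range(0, len(h), 4))

def normalize(fingerprint: str) -> bytes:
    """Parse a fingerprint as a person typed it: any case, spaces, ':' or '-'."""
    cleaned = "".join(c for c in fingerprint if c not in " :-\t").lower()
    if len(cleaned) != 32:
        raise ValueError("an MD5 fingerprint is 32 hex digits")
    return bytes.fromhex(cleaned)

def accept_peer_key(received_public: int, fingerprint_out_of_band: str) -> bool:
    """Accept the key from the untrusted channel only if its hash equals
    the fingerprint obtained over the authenticated channel."""
    expected = normalize(fingerprint_out_of_band)
    return hmac.compare_digest(key_id(received_public), expected)

# Constructed sample values: a toy group, far too small for real use.
P = 2**127 - 1
G = 3
far_end_public = pow(G, 0x1F2E3D4C5B6A7988, P)    # the real far-end host
substituted_public = pow(G, 0x1F2E3D4C5B6A7989, P)  # a value swapped in transit

if __name__ == "__main__":
    # What the far-end administrator reads out on the phone.
    phoned = spoken_form(key_id(far_end_public))
    print("fingerprint read out:", phoned)
    print("genuine key accepted:", accept_peer_key(far_end_public, phoned))
    print("substituted key accepted:", accept_peer_key(substituted_public, phoned))
```

Nothing in the exchange is confidential: an eavesdropper learns only public values, while a substituted key fails the comparison. MD5 is the hash the message names; it is no longer collision resistant, so a present-day fingerprint would use SHA-256.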