[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

swIPe




The other day, while I was poking around the C'Punk FTP site, I ran 
across swIPe, the low-level network security protocol by Matt Blaze and 
John Ioannidis.

I'm not as knowledgeble as many of the people here, but swIPe strikes me 
as "The Right Way" to apply crypto to net-communications.  Instead of 
having secure email, secure mosaic, secure telnet, etc., you have secure IP 
traffic.  It's comparatively simple, it's very flexible, and it's 
transparent.

I haven't heard much about swIPe, and I was wondering if someone could 
bring me up to speed on it, let me know the status of the project, the 
conventional wisdom, etc.  In particular, I'd like to know if anyone uses 
swIPe with Linux.

Also, I'm curious about the practicality of using swIPe as a component in
a larger secure mail (or secure anything) system.  If I understand the
situation properly, swIPe would only be one piece of a total security
system.  You'd still need to protect against unauthorized break-ins on
your machine, and you'd still have to trust root, you'd still depend on
the OS's built-in security, you'd still need a CFS type of program to
store your swIPe keys, etc.

Finally (I know I'm asking a lot of questions here), does anyone have any 
pointers to anything about the key-exchange system (apart from what was 
at soda)?

Thanks,

	Alex