Author Archive
February 25th, 2009 by Jan Bervar
So you'd like to implement a Cisco IPsec VPN using RSA keys and certificates in a PKI to authenticate peers? I'm guessing that your reasons for this are (some of) the following:
You understand that partially or fully meshed VPNs require a scalable peer-authentication method.
You choose not to use pre-shared keys ...
Posted in Security, Technical, VPN
February 17th, 2009 by Jan Bervar
By now, you probably have heard about the latest Cisco site-to-site VPN technology, Group Encrypted Transport VPN (GET VPN). GET VPN promises to solve most of the scalability and manageability issues of partially or fully meshed IPsec VPNs. However, before you jump into the fire, it's important to understand that ...
Posted in Security, Technical, Training, VPN
August 7th, 2008 by Jan Bervar
In parts 1 and 2 of this series I bashed some aspects of the current state of real-life PKI implementations, the "global PKI," and the use of self-signed certificates. What we have left are PKIs that are not global, nor do they use self-signed certificates. I am talking about private ...
Posted in Security, Technical
July 28th, 2008 by Jan Bervar
In part 1 of this series, I started laying out what I perceive to be the basic problems of how certificates and PKI are (ab)used today, especially in Internet applications. Today, I want to take things a step further and discuss self-signed certificates and how browsers' user interfaces have handled ...
Posted in Security, Technical
July 23rd, 2008 by Jan Bervar
For a number of years now, it has been unfashionable to criticize the condition of PKI and X.509. We use a subset of these standards daily to surf the web (HTTPS), exchange email (S/MIME, SMTPS, etc.), and so forth. Some pains of PKI are well documented (see Peter Gutmann's "Everything ...
Posted in Security, Technical
June 26th, 2008 by Jan Bervar
If you missed the announcement of VMware’s VMsafe a while ago, go check it out. VMsafe is an open API for vendors to add security services to VMware’s ESX hypervisor. It allows third-party add-ons to control connectivity with virtual networking and execution of guest operating systems or applications. In this ...
Posted in Security, Technical, Virtualization