I think if we want secure application-level communication, SSL is the way to go. A VPN is a good idea if you need support for more than one application. In this case, we (potentially) would want secure communication between one server/client and the next - one application.

If we integrate SSL, the 'automatic firewall' issue goes away - we don't need a firewall because we don't have a full network (the N in VPN) between hosts. The same goes for adding/removing routes.

If all you care about is the end (can I send a fax or not?) then either solution will work I'm sure. A VPN would most likely be overkill.

I see the difference between VPN and SSL (in this context) being that SSL will be the minimum functionality we need to meet our end (secure, encrypted client/server network communications on 2 sockets) where a VPN gives us a full-blown encrypted network including routing on all ports between client and server. In the second, VPN case we need to now be aware of our routing, firewall rules, tcp-wrappers, etc. in order to 1. make the thing work and 2. keep it secure.

This is analogous to the difference between starting with a stripped-down, minimal system and adding *only* those features that you require vs. starting with a wide-open, full install and removing what you don't need. It's much easier to maintain security in the first situation.

-joe

On Fri, Mar 22, 2002 at 08:51:07AM -0500, Yan Seiner wrote:
> Joe Phillips wrote:
> >As for VPN/vtun, why not SSL?
> >
> Because I know it? Actually, vtun has built-in hooks for
> opening/closing firewalls, adding and tearing down routes, etc. It can
> also be brought up on demand very quickly, and shut down.
>
> And I've never worked with ssl - I don't think it can be used as a VPN -
> it's an encryption/authentication system, isn't it?
--
Innovation Software Group, LLC - http://www.innovationsw.com
Custom Internet and Computer Solutions
Linux, UNIX, Java Training

____________________ HylaFAX(tm) Users Mailing List _______________________
To unsub: mail -s unsubscribe hylafax-users-request@hylafax.org < /dev/null