From owner-freebsd-security Sat Nov 25 22:39:51 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6)
    id WAA17785 for security-outgoing; Sat, 25 Nov 1995 22:39:51 -0800
Received: from statler.csc.calpoly.edu (statler-srv.csc.calpoly.edu [129.65.241.4])
    by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id WAA17777 for ;
    Sat, 25 Nov 1995 22:39:45 -0800
Received: (from nlawson@localhost) by statler.csc.calpoly.edu (8.6.12/N8)
    id WAA24634; Sat, 25 Nov 1995 22:39:26 -0800
From: Nathan Lawson
Message-Id: <199511260639.WAA24634@statler.csc.calpoly.edu>
Subject: Re: I wonder how much trouble something like this would be to do? :)
To: lyndon@orthanc.com (Lyndon Nerenberg)
Date: Sat, 25 Nov 1995 22:39:25 -0800 (PST)
Cc: security@freebsd.org
In-Reply-To: <199511241845.KAA27588@multivac.orthanc.com> from "Lyndon Nerenberg" at Nov 24, 95 10:45:04 am
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1301
Sender: owner-security@freebsd.org
Precedence: bulk

> >>>>> "Jordan" == Jordan K Hubbard writes:
>
> Jordan> Someone sent me this. It sounds like "one of those really
> Jordan> simple engineering ideas that marketing got ahold of and
> Jordan> hyped the heck outta" but still - I can think of more than
> Jordan> a few MIS managers who'd just eat this up.
>
> No doubt. I first read about this several (at least three) years
> ago in one of the Usenix Security Conference proceedings. The paper
> described an implementation that had been done for 4.4BSD. I can
> try to dig out a reference if anyone's interested.

I believe you are referring to swIPe, an implementation of something like
this done by Matt Blaze. Check ftp.csua.berkeley.edu:/pub/cypherpunks/swIPe
for details. It is designed for NetBSD and SunOS, but I am sure it's an
easy port to FreeBSD. The only bad thing about it is that key management is
left up to manual means, but I am sure a quick RSA exchange can be added
(along with public key host authentication).

> Jordan> The international version is due
> Jordan> next month. Prices start at $10,000 on Digital Unix and
> Jordan> comes with DEC's own Firewall Unix, $3,600 on PCs.
>
> Har dee har har har.

Yes, who ever said that numbers weren't worth good money?

-Nate