Not having to hijack http://seclists.org/nanog/2013/Jul/251, and without further ado,

On 7/12/13, ryangard@gmail.com <ryangard@gmail.com> wrote:
It wouldn't be. When the endpoint in question is compromised, there isn't any amount of tunneling or obscurity between point a and point b that will resolve it. Only thing you can do is change to a solution that you have more control over.

Sent on the TELUS Mobility network with BlackBerry
This just got very interesting. Given that we do not own any Microsoft products here, and are still able to function like any other corporation, I am more interested in a "solution that you have more control over" for secured connections. We currently are using OpenVPN and PKI, coupled with a company policy of key updates every 3 months; this will only get incrementally more complex as the number of clients increases. Not to mention one only needs a 3 minutes....

Question: What other options do we have to maintain a secure connection between client and server that gives us more control over traditional OpenVPN+PKI? It would be nice to be able to deploy private keys automatically to the different clients; however, it seems like a disaster waiting to happen.

I would really appreciate some of your takes on this matter: what types of technology and policies are being employed out there for secure connections?

Kind Regards,
Nick.