Secure Tunneling. Only with more Control!!!

Nick Khamis symack at
Sat Jul 13 13:36:09 UTC 2013

Not having to hijack, and
without further ado,

On 7/12/13, ryangard at <ryangard at> wrote:
> It wouldn't be. When the endpoint in question is compromised, there isn't
> any amount of tunneling or obscurity between point a and point b that will
> resolve it. Only thing you can do is change to a solution that you have more
> control over.
> Sent on the TELUS Mobility network with BlackBerry

This just got very interesting. Given that we do not own any Microsoft
products here, and still able to function like any other corporation,
I am more interested in a "solution that you have more control over"
secured connections. We currently are using OpenVPN and PKI, coupled
with a company policy of key updates every 3 months this will only get
incrementally more complex as the number of clients increase. Not to
mention one only needs a 3 minutes....

Question: What other options do we have to maintain a secure
connection between client and server that gives us more control over
traditional OpenVPN+PKI. It would be nice to be able to deploy private
keys automatically to the different clients however, seems like a
disaster waiting to happen.

I would really appreciate some of your takes on this matter, what
types of technology, policies are being employed out there for secure

Kind Regards,


More information about the NANOG mailing list