And lo on Fri, 04 Jul 2008 12:01:07 +0100, Jim Henderson
<nos### [at] nospam com> did spake, saying:
> On Fri, 04 Jul 2008 11:27:26 +0100, Invisible wrote:
>
>>>> No problem. There's no charge for this service. Please contact Phil
>>>> Cook in my absence. ;-)
But I charge by the word.
>>> And another laugh. I might actually get some sleep yet tonight. :-)
>>
>> Yeah - dude, what the hell?? WHY ARE YOU AWAKE?! x_x
>
> Right now because I'm talking to you. 5 AM now.
>
> Today's the 4th of July here, so I don't have to work today.
Too many giant spaceships hovering over the cities causing congestion?
Pfft uppity colonials, you don't see us celebrating Constitutional Monarchy
Day.
--
Phil Cook
--
I once tried to be apathetic, but I just couldn't be bothered
http://flipc.blogspot.com
>>>>> No problem. There's no charge for this service. Please contact Phil
>>>>> Cook in my absence. ;-)
>
> But I charge by the word.
He does, you know...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Invisible wrote:
> As does the fact that SSL and TLS both run over TCP, yet OpenVPN seems
> to be using UDP. That looks like a big enough deviation from the
> standard that I'm left wondering how many design decisions have been
> made with potential security implications.
Yes, exactly. That, and all the other things you might want to do (like
be behind a NAT) that OpenVPN doesn't handle.
Note that SSL and TLS are both technologically the same thing. The
difference is in provisioning. That is, it's SSL if you start the
protocol dance as soon as you open the port (because you're talking on
port 443 instead of port 80, for example). It's TLS if you open the
connection, do some negotiation, *then* start encrypting, such as with
BEEP or Secure SMTP or anything else that has a "STARTTLS" command.
--
Darren New / San Diego, CA, USA (PST)
Helpful housekeeping hints:
Check your feather pillows for holes
before putting them in the washing machine.
>> As does the fact that SSL and TLS both run over TCP, yet OpenVPN seems
>> to be using UDP. That looks like a big enough deviation from the
>> standard that I'm left wondering how many design decisions have been
>> made with potential security implications.
>
> Yes, exactly. That, and all the other things you might want to do (like
> be behind a NAT) that OpenVPN doesn't handle.
I thought I saw somewhere that OpenVPN *does* work with NAT, but IPSec
doesn't. (Because NAT involves packet modification, which IPSec is
obviously designed to prevent.)
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Orchid XP v8 wrote:
> I thought I saw somewhere that OpenVPN *does* work with NAT, but IPSec
> doesn't. (Because NAT involves packet modification, which IPSec is
> obviously designed to prevent.)
No, what they said was that if you want IPSec to work with NAT, you had
to exclude the IP addresses from the hash calculation with a
configuration. Since OpenVPN never even offers the opportunity to
include the IP addresses, it's "simpler" and therefore more secure.
Huh?
--
Darren New / San Diego, CA, USA (PST)
Helpful housekeeping hints:
Check your feather pillows for holes
before putting them in the washing machine.
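The NAT point argued over in this post and the one it quotes, as an added example that is not part of the original thread: a simplified Python model of an integrity tag computed with and without the IP addresses, passed through a source-NAT rewrite. It is not the IPsec or OpenVPN wire format; the key, addresses and function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret


def make_tag(key, pkt, cover_addresses):
    """HMAC-SHA256 over the payload, optionally also over src/dst addresses."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    if cover_addresses:
        mac.update(ipaddress.ip_address(pkt["src"]).packed)
        mac.update(ipaddress.ip_address(pkt["dst"]).packed)
    mac.update(pkt["payload"])
    return mac.digest()


def verify(key, pkt, tag, cover_addresses):
    """Constant-time comparison of the recomputed tag with the received one."""
    return hmac.compare_digest(make_tag(key, pkt, cover_addresses), tag)


def nat_rewrite(pkt, public_src):
    """Source NAT: the router swaps the private source address for its own."""
    return dict(pkt, src=public_src)


def run(cover_addresses):
    """Return (verifies after NAT, verifies after NAT plus payload tampering)."""
    # Constructed sample packet using private and documentation address ranges.
    sent = {"src": "192.168.1.10", "dst": "203.0.113.5", "payload": b"hello"}
    tag = make_tag(KEY, sent, cover_addresses)
    natted = nat_rewrite(sent, "198.51.100.7")
    tampered = dict(natted, payload=b"hellp")
    return (verify(KEY, natted, tag, cover_addresses),
            verify(KEY, tampered, tag, cover_addresses))


if __name__ == "__main__":
    print("addresses covered: ", run(True))
    print("addresses excluded:", run(False))
```

With the addresses excluded the tag survives NAT and still catches payload changes, but the receiver gets no cryptographic assurance about the addresses themselves.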
On Fri, 04 Jul 2008 15:17:37 +0100, "Phil Cook"
<phi### [at] nospamrocain freeserve co uk> wrote:
>
>Pfft uppity colonials, you don't see us celebrating Constitutional Monarchy
>Day.
A bit late but I always celebrate "Good Riddance Day" ;)
--
Regards
Stephen
On Fri, 04 Jul 2008 18:40:54 +0100, Orchid XP v8 wrote:
> I thought I saw somewhere that OpenVPN *does* work with NAT, but IPSec
> doesn't. (Because NAT involves packet modification, which IPSec is
> obviously designed to prevent.)
IPSec can work over NATted connections, you just need a router that will
handle it. The last couple Linksys routers I've had (and the Belkin I
currently own, IIRC) have supported IPSec over NAT.
Jim
On Fri, 04 Jul 2008 13:33:49 +0100, Invisible wrote:
> Jim Henderson wrote:
>
>> Ah, I see. There are so many Jamies in the world.
>
> And I kinda promised that if I ever have children... well, there'll be
> *another* Jamie in the world. ;-)
:-)
>> But hey, it sounds
>> like you've got at least *one* friend. Actually, though, I know you
>> have more than that. ;-)
>
> Meh. There are people I sometimes speak to on teh interwebs. But human
> beings that I can actually go hang out with? Now that's a tiny list. :-(
Hey, the same goes here. Offhand, I can think of about 2 people outside
of work that I will just hang out with - and they're my immediate
family. I'll occasionally have lunch with one of my instructors or
coworkers at lunch. Very occasionally, I'll get together with the
neighbors across the alley from us, or the ones next door to us.
>>> Seriously, Zazzle boasts that you can have your order within 24 hours,
>>> but that's only actually true if you live in North America. For the
>>> rest of the world... it takes rather a long time. :-( I wish they
>>> would set up a facility somewhere in mainland Europe...
>>
>> Seems a lot of companies operate that way. We have a similar
>> experience when ordering DVDs from amazon.co.uk as well.
>
> Really? I usually find Amazon to be quite good...
You're not in the US ordering from a.co.uk, though. When I order from
Amazon US, delivery time is just fine - but from the UK, it takes a while
longer.
Jim
On Fri, 04 Jul 2008 15:17:37 +0100, Phil Cook wrote:
> And lo on Fri, 04 Jul 2008 12:01:07 +0100, Jim Henderson
> <nos### [at] nospam com> did spake, saying:
>
>> On Fri, 04 Jul 2008 11:27:26 +0100, Invisible wrote:
>>
>>>>> No problem. There's no charge for this service. Please contact Phil
>>>>> Cook in my absence. ;-)
>
> But I charge by the word.
>
>>>> And another laugh. I might actually get some sleep yet tonight. :-)
>>>
>>> Yeah - dude, what the hell?? WHY ARE YOU AWAKE?! x_x
>>
>> Right now because I'm talking to you. 5 AM now.
>>
>> Today's the 4th of July here, so I don't have to work today.
>
> Too many giant spaceships hovering over the cities causing congestion?
Yeah, something like that.
> Pfft uppity colonials, you don't see us celebrating Constitutional
> Monarchy Day.
Heh, well, I know a number of Brits who celebrate having rid themselves
of us, so that's fair. ;-) As for us, we celebrated by calming cats
during the fireworks - but the fireworks themselves have been very muted
this year out here.
Oh, and I cooked us some *excellent* steaks. I managed - for the first
time - to cook medium-rare steaks instead of cooking them until they were
charcoal. You'd be able to see more about it in my LJ.
It's kinda ironic - I'm perfectly happy having some reheated pizza or
canned soup, but I somehow do seem to pull together some pretty good home
cooked food every once in a while - and I enjoy it, which just really
surprises me.
Jim
On Sat, 05 Jul 2008 17:34:55 +0100, Stephen wrote:
> On Fri, 04 Jul 2008 15:17:37 +0100, "Phil Cook"
> <phi### [at] nospamrocain freeserve co uk> wrote:
>
>
>>Pfft uppity colonials, you don't see us celebrating Constitutional
>>Monarchy Day.
>
> A bit late but I always celebrate "Good Riddance Day" ;)
See, Phil? This is what I was just saying. ;-)
Jim