Hello all,

In this particular scenario, I can't see any added benefit to having the link between CAPTAIN and GRUNT encrypted. Before accessing CAPTAIN, a hacker would first have to have control, at least to some degree, of GRUNT. Once acheived, the now compromised GRUNT will have full access to CAPTAIN (or whatever access GRUNT normally has), whether the link between the two boxes is encrypted or not. Because CAPTAIN trusts GRUNT, if you take control of GRUNT you take control of CAPTAIN. The encrypted tunnel will just as happily carry hacker traffic from GRUNT to CAPTAIN as it will legitimate traffic, once GRUNT is compromised.

Regards,
Alan Mott