[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SSL v IPSEC for management?

To: "John Shriver <jas@shiva.com> at EUROINTERNET" <IMCEACCMAIL-John+20Shriver+20+3Cjas+40shiva+2Ecom+3E+20at+20EUROINTERNET@ctron.com>
Subject: RE: SSL v IPSEC for management?
From: Waters Stephen <stephen.Waters@cabletron.com>
Date: Tue, 26 Jan 1999 10:15:27 -0000
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com


SSL is a general socket-level protection that does allow two-way
authentication. S-HTTP is security at the 'application' layer just for HTTP.


Since neither of these protect the IP header (or other bits?), then I'm
assuming it is not as secure as IPSEC streams - e.g. exposure to address
spoofing, relay-attacks, others?

Cheers, Steve.

-----Original Message-----
From: John Shriver <jas@shiva.com> at EUROINTERNET 
Sent: Monday, January 25, 1999 6:30 PM
To: Waters Stephen
Subject: RE: SSL v IPSEC for management? 


If SSL is what's under Secure HTTP, there's the issue that only the
"server" is authenticated, not the client.

Follow-Ups:

RE: SSL v IPSEC for management?

From: Stephen Kent <kent@bbn.com>

Prev by Date: New archive of the IPsec mailing list
Next by Date: RE: SSL v IPSEC for management?
Prev by thread: SSL v IPSEC for management?
Next by thread: RE: SSL v IPSEC for management?
Index(es):
- Main
- Thread