RE: SSL v IPSEC for management?
Steve,
SSL offers protection against replay, by assuming perfect delivery afforded
over TCP. Thus attacks against the TCP layer can disrupt SSL sessions, and
one is vulnerable to TCP SYN floods, etc. IPsec protects against replay,
but operates below TCP and thus protects against a range of (denial of
service and other) attacks that take place at that layer.
Both protocols can make use of certificates for two-way authentication.
Browsers come equipped with a set of root CA certificates, but generic SSL
implementations need not contain this pre-defined set. Thus, if one makes
use of SSL independent of a browser, one has the same sort of problem as in
an IPsec implementation, i.e., initial acquisition of a CA certificate
suitable for validating certificates issued to the gateway and to the
management station.
Steve
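
The two replay-protection models contrasted in the message above, as an added example that is not part of the original post: an SSL-style receiver with an implicit record counter that depends on TCP's ordered delivery, beside an IPsec-style receiver that carries the sequence number in each packet and checks it against a sliding window. It goes slightly beyond the post by showing the window mechanics; both are simplified models (the real MAC and ICV inputs cover more fields), and the key, payloads and all class and function names are constructed for illustration.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"  # constructed sample key, not from the post

def mac(seq, payload):
    # Both models authenticate the sequence number together with the payload.
    return hmac.new(KEY, struct.pack(">Q", seq) + payload, hashlib.sha256).digest()

class ImplicitSeqReceiver:
    """SSL-style: the counter is never sent; it relies on TCP's ordered delivery."""
    def __init__(self):
        self.expected, self.alive = 0, True
    def receive(self, payload, tag):
        if not self.alive:
            return "closed"
        if hmac.compare_digest(tag, mac(self.expected, payload)):
            self.expected += 1
            return "accept"
        self.alive = False          # a bad MAC is fatal to the whole session
        return "fatal"

class WindowReceiver:
    """IPsec-style: the counter travels in the packet; a sliding window tracks it."""
    def __init__(self, size=64):
        self.size, self.top, self.seen = size, 0, 0
    def receive(self, seq, payload, tag):
        if seq < 1 or not hmac.compare_digest(tag, mac(seq, payload)):
            return "drop-invalid"   # window state changes only after the MAC verifies
        if seq > self.top:          # new highest number: slide the window forward
            self.seen = ((self.seen << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return "accept"
        offset = self.top - seq
        if offset >= self.size:
            return "drop-too-old"
        if (self.seen >> offset) & 1:
            return "drop-replay"    # dropped silently; the association stays up
        self.seen |= 1 << offset
        return "accept"

PAYLOADS = [b"show config", b"set acl 10", b"commit"]   # constructed sample data
SSL_RECS = [(p, mac(i, p)) for i, p in enumerate(PAYLOADS)]
ESP_PKTS = [(i + 1, p, mac(i + 1, p)) for i, p in enumerate(PAYLOADS)]

def ssl_run(arrivals):
    rx = ImplicitSeqReceiver()
    return [rx.receive(p, t) for p, t in arrivals]

def esp_run(arrivals):
    rx = WindowReceiver()
    return [rx.receive(s, p, t) for s, p, t in arrivals]

if __name__ == "__main__":
    print(ssl_run([SSL_RECS[0], SSL_RECS[0], SSL_RECS[1]]))
    print(esp_run([ESP_PKTS[0], ESP_PKTS[2], ESP_PKTS[1], ESP_PKTS[2]]))
```

In the first run a duplicated record is detected but ends the session, so the genuine record that follows is refused; in the second, a reordered packet is accepted and only the duplicate is dropped.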