
Re: Bruce Schneier on IPsec



> But IPSec's real problem is that TCP/IP is steadily becoming less and
> less end-to-end. Email is the best example. We have lots of dumb email
> clients like Netscape and Eudora that cannot do their own outbound
> delivery; and we have POP, needed by the millions of PC users on
> dialup ISPs who cannot run their own full-time mail receivers.

POP and IMAP servers are one place to apply IPSEC. Instead of having
to create special SSLized POP/IMAP/etc clients, one could have
machines running the servers require IPSEC for accessing the
services. This is just another form of end-to-end application.

Actually HTTPS could also be similarly replaced with IPSEC + HTTP?

This way the client applications can be used unchanged, when the
client host has IPSEC. The server's admin would also be its own CA, and
thus have full control of the certificates being used for access.

The above scenario applies to the situations where the user end is
the user's own personal host (PC, palm device or mobile phone). It does not
fit a case where the user's end is just an account on a shared
host. But then, who would trust cryptographic programs on a host that
one does not have full control of?

-- 
Markku Savela (msa@hemuli.tte.vtt.fi), Technical Research Centre of Finland
Multimedia Systems, P.O.Box 1203,FIN-02044 VTT,http://www.vtt.fi/tte/staff/msa/

