
RE: Bruce Schneier on IPsec



> POP and IMAP servers are one place to apply IPSEC. Instead of having
> to create special SSLized POP/IMAP/etc clients, one could have
> machines running the servers require IPSEC for accessing the
> services. This is just another form of end-to-end application.

Unfortunately for IPSEC, this is an area where SSL has taken hold - it's fast becoming the perceived standard for secure connections. To be honest, I personally had always just seen IPSEC as something for VPN use. (i.e.: if you want everything encrypted, use IPSEC; if you want one or two occasional things encrypted, use SSL.)

> Actually HTTPS could also be similarly replaced with IPSEC + HTTP?
> 
> This way the client applications can be used unchanged, when the
> client host has IPSEC. The server's admin would also be its own CA, and
> thus having the full control of the certificates being used to access.

In this case (https) I see even less reason to switch to IPSEC. SSL has already become the standard for secure web communications, and comes built into Netscape and IE, and is supported by Apache-SSL and several commercial web servers. Why would anyone want to change it to IPSEC now?

--
Michael

Michael Owen
IT Security Engineer
NET-TEL Computer Systems Ltd
Michael.Owen@net-tel.co.uk

