[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Bruce Schneier on IPsec
- To: "(Markku Savela)" <msa@hemuli.tte.vtt.fi>
- Subject: RE: Bruce Schneier on IPsec
- From: Michael.Owen@net-tel.co.uk
- Date: Mon, 21 Feb 2000 11:44:10 +0000
- Cc: ipsec@lists.tislabs.com
- In-Reply-To: <200002030844.KAA28887@anise.tte.vtt.fi>
- Original-Encoded-Information-Types: IA5-Text, (2)(6)(1)(12)(0), (1)(2)(840)(113556)(3)(10)(1)
- References: <200002030221.SAA03463@homer.ka9q.ampr.org>
- Sender: owner-ipsec@lists.tislabs.com
- X400-Content-Identifier: RE: Bruce Schnei
- X400-Content-Type: P2-1988 (22)
- X400-MTS-Identifier: ["/PRMD=NET-TEL/ADMD=Gold 400/C=GB/";ORANGE:0081-000221114410-1091]
- X400-Originator: Michael.Owen@net-tel.co.uk
- X400-Received: by mta "ice" in "/PRMD=net-tel/ADMD=gold 400/C=gb/"; Relayed; Mon, 21 Feb 2000 11:44:47 +0000
- X400-Received: by mta "net-tel" in "/PRMD=net-tel/ADMD=gold 400/C=gb/"; Relayed; Mon, 21 Feb 2000 11:44:10 +0000
- X400-Received: by "/PRMD=NET-TEL/ADMD=Gold 400/C=GB/"; Relayed; Mon, 21 Feb 2000 11:44:10 +0000
- X400-Recipients: non-disclosure:;
> POP and IMAP servers are one place to apply IPSEC. Instead of having
> to create special SSLized POP/IMAP/etc clients, one could have
> machines running the servers require IPSEC for accessing the
> services. This is just another form of end-to-end application.
Unfortunately for IPSEC, this is an area where SSL has taken hold - it's fast becoming the perceived standard for secure connections. To be honest, I personally had always just seen IPSEC as something for VPN use. (ie: if you want everything encrypted, use IPSEC, if you want one or two occasional things encrypted, use SSL.)
> Actually HTTPS could also be similarly replaced with IPSEC + HTTP?
>
> This way the client applications can be used unchanged, when the
> client host has IPSEC. The servers admin would also be its own CA, and
> thus having the full control of the certificates being used to access.
In this case (https) I see even less reason to switch to IPSEC. SSL has already become the standard for secure web communications, and comes build into Netscape and IE, and is supported by Apache-SSL and several commercial web servers. Why would anyone want to change it to IPSEC now?
--
Michael
Michael Owen
IT Security Engineer
NET-TEL Computer Systems Ltd
Michael.Owen@net-tel.co.uk
References: