
Re: IPSec vs SSL



Hi,

What kind of "active attacks"? Please be specific.
I agree that IPSec can prevent some attacks
"on the underlying TCP connection".  I was talking
about crypto suite strength. Sorry if I was misunderstood.

By the way, IPSec can't possibly prevent activating a virus received
over a secure IPSec channel, which can cause the loss of all data on your
computer or a system crash. :-)

Another point - you might want to use SSL on a VPN as well.
So, you will have both at the same time. As I said,
it depends on your needs. Are you suggesting using
IPSec instead of SSL?

Regards,
Yuri Poeluev
Certicom Corp.

Michael Richardson wrote:

> >>>>> "Yuri" == Yuri Poeluev <ypoeluev@certicom.com> writes:
>     Yuri> You can't say that IPSec is more secure than SSL. It depends on
>     Yuri> what crypto algorithms are really used in each case.  If you use
>     Yuri> SSL, you'll get security at application level (a Web browser for
>     Yuri> instance).  If you use IPSec, you'll get security at network level,
>     Yuri> in which case all your applications can be protected. I say "can",
>
>   It has nothing to do with that.
>   You can use, for instance, SSL or a GSSAPI enabled SOCKS-Winsock client
> and get "all your applications" protected. The difference between IPsec
> and something like SSL that runs over TCP is that SSL gets killed as soon
> as someone starts an active attack on the underlying TCP connection.
>
>    :!mcr!:            |  Solidum Systems Corporation, http://www.solidum.com
>    Michael Richardson |For a better connected world,where data flows faster<tm>
>  Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
>         mailto:mcr@sandelman.ottawa.on.ca       mailto:mcr@solidum.com