[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSec vs SSL
Hi,
What kind of "active attacks"? Please be specific.
I agree that IPSec can prevent some attacks
"on the underlying TCP connection". I was talking
about crypto suites strength. Sorry, if I was misunderstood.
By the way, IPSec can't possibly prevent activating a virus received
over a secure IPSec channel, which can cause losing all data on your
computer or system crash. :-)
Another point - you might want to use SSL on VPN as well.
So, you will have both at the same time. As I said,
it depends on your needs. Are you suggesting to use
IPSec instead SSL?
Regards,
Yuri Poeluev
Certicom Corp.
Michael Richardson wrote:
> >>>>> "Yuri" == Yuri Poeluev <ypoeluev@certicom.com> writes:
> Yuri> You can't say that IPSec is more secure than SSL. It depends on
> Yuri> what crypto algorithms are really used in each case. If you use
> Yuri> SSL, you'll get security at application level (a Web browser for
> Yuri> instance). If you use IPSec, you'll get security at network
> level,
> Yuri> in which case all your applications can be protected. I say
> "can",
>
> It has nothing to do with that.
> You can use, for instance, SSL or a GSSAPI enabled SOCKS-Winsock client
> and get "all your applications" protected. The difference between IPsec
> and something like SSL that runs over TCP is that SSL gets killed as soon
> as someone starts an active attack on the underlying TCP connection.
>
> :!mcr!: | Solidum Systems Corporation,
> http://www.solidum.com
> Michael Richardson |For a better connected world,where data flows
> faster<tm>
> Personal:
> http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
> mailto:mcr@sandelman.ottawa.on.ca mailto:mcr@solidum.com