[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fw: IPSec vs. SSL

IPSec's advantage over SSL: It has more flexibility on choosing the authentication mechanisms (like the PreSharedKey), and therefore makes it difficult for the attacker to do man in the middle.  SSL is based only on public key and with tools (like dsniff2.3), its possible to do man in the middle breaking SSL.
SSL's advantage over IPSec: In SSL, the client and the server exchage * hash * over the "initial handshake" and therefore is difficult for an attacker to control (change the proposals that the client has sent so that the server chooses the proposals that attacker sends or whatever) the main mode "initial" handshake.
More discussion on this would be enlightening and appreciated.
----- Original Message -----
From: Tim Lee
To: ipsec@lists.tislabs.com
Sent: Saturday, December 16, 2000 5:30 PM
Subject: Re: IPSec vs. SSL

Are there any situations where it is useful to have IPSec in addition to SSL?