
Fw: IPSec vs. SSL




IPSec's advantage over SSL: It has more flexibility in choosing the authentication mechanisms (like the PreSharedKey), and therefore makes it difficult for the attacker to do man in the middle.  SSL is based only on public key and with tools (like dsniff2.3), it's possible to do man in the middle breaking SSL.
 
SSL's advantage over IPSec: In SSL, the client and the server exchange a *hash* over the "initial handshake" and therefore it is difficult for an attacker to control (change the proposals that the client has sent so that the server chooses the proposals that the attacker sends or whatever) the main mode "initial" handshake.
 
More discussion on this would be enlightening and appreciated.
 
----- Original Message -----
From: Tim Lee
To: ipsec@lists.tislabs.com
Sent: Saturday, December 16, 2000 5:30 PM
Subject: Re: IPSec vs. SSL

Are there any situations where it is useful to have IPSec in addition to SSL?
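
The handshake hash mentioned in the forwarded message above, shown as an added example that is not part of the original thread: a simplified Python model (not the real SSL wire format or key derivation) in which each side computes a keyed check value over every handshake message it saw, so rewritten proposals make the check fail. The message layout, suite labels, shared secret and function names are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample values for a simplified model of the handshake.
# Assumption: the secret stands in for the key the two endpoints derive and
# an in-path party does not know.
MASTER_SECRET = b"constructed-master-secret"
CLIENT_PROPOSALS = ["strong-suite", "medium-suite", "export-suite"]


def hello(proposals):
    """Encode a hello-like message carrying the client's proposals."""
    return ("HELLO:" + ",".join(proposals)).encode()


def finished(secret, transcript):
    """Keyed MAC over the hash of all handshake messages this side saw."""
    digest = hashlib.sha256(b"".join(transcript)).digest()
    return hmac.new(secret, digest, hashlib.sha256).digest()


def run_handshake(tamper=None):
    """Return (suite the server chose, whether the server accepts the check)."""
    sent = hello(CLIENT_PROPOSALS)
    received = tamper(sent) if tamper else sent  # what the server actually gets
    offered = received.decode().split(":", 1)[1].split(",")
    chosen = offered[0]  # simplified policy: server takes the first offer
    server_hello = ("CHOSEN:" + chosen).encode()
    # The client hashes what it sent; the server hashes what it received.
    client_check = finished(MASTER_SECRET, [sent, server_hello])
    server_expected = finished(MASTER_SECRET, [received, server_hello])
    return chosen, hmac.compare_digest(client_check, server_expected)


def rewrite_proposals(_msg):
    """Constructed in-path change: only the last client proposal is kept."""
    return hello(CLIENT_PROPOSALS[-1:])


if __name__ == "__main__":
    print("untouched:", run_handshake())
    print("rewritten:", run_handshake(rewrite_proposals))
```

In the rewritten case the server still picks a suite the client did offer, so the client has no other way to notice the change; the mismatch in the check value is what ends the handshake.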
