
Re: Fw: IPSec vs. SSL



On Tue, 19 Dec 2000, Paul Heber wrote:
> Look at a server that needs to be accessible from 100 points across an
> open IP community. If you must run IPSec then you must run 100 tunnels from
> 100 end points. This gets worse the more open that you want the secure
> network, say all 100 need to talk securely to all of the connections, it
> becomes n*n-1 tunnels and surely this is un-manageable from a business
> perspective.

Why?  There is no reason why all of them have to exist simultaneously,
unless there is actually traffic flowing on all of them... and in any
case, there is no n*n-1 on any single machine.  You could equally say that
there would have to be n*n-1 TCP connections involved, and nobody
complains about that.

I agree that n*n-1 gets troublesome if there needs to be explicit
per-tunnel management or configuration, but there is no fundamental
requirement for that.

                                                          Henry Spencer
                                                       henry@spsystems.net


