Re: Fw: IPSec vs. SSL
On Tue, 19 Dec 2000, Paul Heber wrote:
> Look at a server that needs to be accessible from 100 points across an
> open IP community. If you must run IPSec then you must run 100 Tunnels from
> 100 end points. This gets worse the more open that you want the secure
> network, say all 100 need to talk securely to all of the connections, it
> becomes n*n-1 tunnels and surely this is un-manageable from a business
> perspective.
Why? There is no reason why all of them have to exist simultaneously,
unless there is actually traffic flowing on all of them... and in any
case, there is no n*n-1 on any single machine. You could equally say that
there would have to be n*n-1 TCP connections involved, and nobody
complains about that.
I agree that n*n-1 gets troublesome if there needs to be explicit
per-tunnel management or configuration, but there is no fundamental
requirement for that.
Henry Spencer
henry@spsystems.net