[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fw: IPSec vs. SSL
On Tue, 19 Dec 2000, Paul Heber wrote:
> Look at a server that needs to be accessible from 100 points accross an
> open IP community. If you must run IPSec then you must run 100 Tunnels from
> 100 end points. This gets worse the more open that you want the secure
> network, say all 100 need to talk securely to all of the connections, it
> become n*n-1 tunnels and surely this is un-manageable from a business
Why? There is no reason why all of them have to exist simultaneously,
unless there is actually traffic flowing on all of them... and in any
case, there is no n*n-1 on any single machine. You could equally say that
there would have to be n*n-1 TCP connections involved, and nobody
complains about that.
I agree that n*n-1 gets troublesome if there needs to be explicit
per-tunnel management or configuration, but there is no fundamental
requirement for that.