[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fw: IPSec vs. SSL

On Tue, 19 Dec 2000, Paul Heber wrote:
> Look at a server that needs to be accessible from 100 points accross an
> open IP community. If you must run IPSec then you must run 100 Tunnels from
> 100 end points. This gets worse the more open that you want the secure
> network, say all 100 need to talk securely to all of the connections, it
> become n*n-1 tunnels and surely this is un-manageable from a business
> perspective.

Why?  There is no reason why all of them have to exist simultaneously,
unless there is actually traffic flowing on all of them... and in any
case, there is no n*n-1 on any single machine.  You could equally say that
there would have to be n*n-1 TCP connections involved, and nobody
complains about that. 

I agree that n*n-1 gets troublesome if there needs to be explicit
per-tunnel management or configuration, but there is no fundamental
requirement for that.

                                                          Henry Spencer