
Re: Fw: IPSec vs. SSL



On Tue, 19 Dec 2000, Paul Heber wrote:
>> I agree that n*n-1 gets troublesome if there needs to be explicit
>> per-tunnel management or configuration, but there is no fundamental
>> requirement for that.
>
> You are right there is no fundamental need unless the business requires it.

I didn't say "unless the business requires it".  I said "no fundamental
requirement", and I meant it.  There is no reason why a human should have
to configure all those tunnels by hand, any more than he would have to
configure the corresponding set of TCP connections by hand.  Think
abstraction, mechanization, lazy evaluation:  say in general terms what is
permitted, and let the software set up the details as required, perhaps
only when needed. 

(I'm not saying that current software *supports* this well yet, but that
can be fixed.)

> SSL is dynamic whereas IPSec needs setup and maintenance.

Why?

                                                          Henry Spencer
                                                       henry@spsystems.net


