[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fw: IPSec vs. SSL
It seems to me that many of the stated evils of SSL described in the
Security portal article by Kurt Seifried would reside in IPSEC as well, if
the roles had been reversed.
It's obvious that one would be able to forge a server certificate in either
world, given the state of the browser certificate infrastructure. There's
the risk that someone might insert a bogus CA key in your browser. There's
the risk that someone will subvert the API to a CA already in the browser,
and yield a cert for an existing site. And, of course, there's the real
risk that the attacker will simply submit a new cert that doesn't match
*any* of your CAs, and you'll accept it so you can order Johnny's Beanie
Babie Star Wars Lego Mindstorms Cabbage Patch Furby in time for holiday
If we were using IPSEC instead of SSL for ordering our holiday gifts, then
we'd have to have the same sort of flexibility in IPSEC implementations.
That flexibility evolved due to demands of the SSL community, both servers
and clients. So the problems would most likely have found their way into
IPSEC implementations, if they were as mature and widespread as SSL, and
being used for the same applications.
Remember, it's impossible to build a theft-proof car. Some folks will
always leave the car unlocked, or leave their keys in the ignition, or
forget to remove their distributor cap before leaving, etc.