Re: Fw: IPSec vs. SSL
Much of this SSL vs. IPsec discussion has been based on unarticulated
assumptions, and there have been some explicit technical errors,
further confusing the debate.

One fair observation is that SSL configuration, from a client
perspective, is much easier than for IPsec precisely because SSL does
not address access control issues. Even at the server side, access
control is an add-on, outside the scope of SSL. This relates to the
observation made earlier re pre-configured CAs in SSL clients. This
is a convenience feature that works fairly well for the public access
to server model that SSL is designed to support. It is less
attractive in an intranet environment, as it creates more
opportunities for spoofing. But, even this is not a criticism of
SSL, because SSL does not embody any notion of root CAs in clients.
All of that is outside the SSL spec, and is not standardized.

So, let's keep in mind the differences between standards and
implementations when comparing SSL and IPsec. There are legitimate
differences in services and functional requirements between these
protocols, and many of these differences relate to the contexts for
which each was designed. In some cases they might be competitors, in
other cases one offers features that make it incomparable to the
other.
Steve