Open Source (was Simple SSL/TLS - Some Questions)

David Honig dahonig at cox.net
Fri Oct 10 23:48:20 EDT 2003


At 12:08 AM 10/10/03 +0800, Ng Pheng Siong wrote:
>I believe SSL VPNs are easier than IPsec to deploy 

For the former, you give a password or two --maybe
reuse a POP3 that your users already have-- and all your
users get in fairly securely, and you can verify them.  
Easy for them because they already have a browser.  

(And some browsers, I recently found out, will accept a self-cert
for life, as well as remember your passwords.  Can you guess
which company made that convenience-vs-security tradeoff?)

For IPsec, you have to walk each of them through
installing the stack, etc.  Not fun, esp on multiple
platforms.

>and operate for the road
>warrior accessing corporate resources. This may eventually restrict IPsec's
>utility to site-to-site tunneling (useful when, e.g., one wishes to run
>OSPF over the tunnel), which _should_ be far easier to configure without
>needing the help of some whizbang AI.

Things *should* get easier for IPsec when it's part of the "default"
client system, whether *nix or otherwise.  Then everything reverts
back to simple :-) key management.


He say "I know you, you know me"
He got x509 he got intrusion detection
He got secure DNS he got spam filter
He say "One and one and one is three"
Got to be spoofed 'cause he's so hard to see 

From Link Together
J0hn L3nn0n





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


