--- begin forwarded text

Date: Wed, 04 Nov 1998 18:35:25 -0500
From: Pete Loshin <[EMAIL PROTECTED]>
MIME-Version: 1.0
To: Robert Hettinga <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: dbts: Lions and TEMPESTs and Black Helicopters (Oh, My!)

> At 09:28 AM 11/3/98 -0800, EKR replied:
>
> >Uh... IPSEC _isn't_ faster or cheaper than SSL.
>
> Let me raise another possible problem with substituting IPSEC for SSL --
> does anyone *really* have an IPSEC implementation that interfaces as
> effectively with secure applications?

...

IPsec happens at the network layer, SSL between the transport layer and
the application layer. That means SSL provides a secure channel between
_processes_ and IPsec provides a secure channel between _network nodes_
(really, between network interfaces).

IPsec doesn't really have anything to do with applications--it's for
encrypting and/or authenticating _datagrams_ (aka _packets_).

IPsec, SSL (or something else at that layer) and application layer
encryption (a la PGP email or S-HTTP) all address different requirements
(IPsec==VPN, SSL==secure channel, S-HTTP==end-to-end application
encryption).

-pl

+---------------------------------------+
| Pete Loshin         [EMAIL PROTECTED] |
|                                       |
| Editor, Corporate Internet Strategies |
|                                       |
| _IPv6 Clearly Explained_     APP 1998 |
| _TCP/IP Clearly Explained_   APP 1997 |
+---------------------------------------+

--- end forwarded text

-----------------
Robert A. Hettinga <mailto: [EMAIL PROTECTED]>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
