>Robert Hettinga <[EMAIL PROTECTED]> writes: >> ... using an encrypted link with at least SSL, and, at some point, people >> will demand much cheaper and faster internet-level encryption ala IPSEC to >> move their money (and their other bits worth money) around. At 09:28 AM 11/3/98 -0800, EKR replied: >Uh... IPSEC _isn't_ faster or cheaper than SSL. Let me raise another possible problem with substituting IPSEC for SSL -- does anyone *really* have an IPSEC implementation that interfaces as effectively with secure applications? The conventions of the socket interface don't provide a way for an application to reach down into the stack and manage that security association, or even extract the certificate associated with it. No doubt it could be done with enough elbow grease and stack hacking, but it doesn't seem to be the direction IPSEC vendors are going. IPSEC's role seems typecast as a VPN carrier while SSL does the job when an application needs to manage the crypto association itself. Rick. [EMAIL PROTECTED] "Internet Cryptography" at http://www.visi.com/crypto/
