I would agree that HTTPS has been more successful than WEP, in the sense of providing defense against real threats. HTTPS actually defends against some real attacks, providing an effective answer to a clearly defined problem: preventing the exposure of sensitive information such as credit card numbers, even in the face of eavesdropping and server impersonation. This is only one threat model and maybe not the most realistic one, but HTTPS does define it and address it. Meanwhile, WEP is too weak to prevent any attacks; and even if it were not cryptographically weak, its stone-age key management would make it a poor tool for any network with more than a handful of users.
My view was that ipsec had been in progress for some time and not making a whole lot of headway. At the San Jose IETF meeting (fall '94?), VPN was introduced in a router/gateway working group. This caused quite a bit of consternation among the router vendors that didn't have processing to implement the required cryptography operations (and you saw some vaporware product announcements following the meeting). It also caused some consternation among the ipsec group. Eventually most of the router vendors upgraded to processors that could handle the VPN requirements and it started to make some deployment progress. The ipsec group somewhat came to terms by referring to VPN as lightweight ipsec (and the vpn group referring to ipsec as heavyweight security).
HTTPS came out about the same period. It basically is a transport layer protocol implemented in the application layer .... again ipsec implementation and distribution at the operating system level was not making a lot of progress ... and so a vendor could build HTTPS into their product and distribute it w/o having to worry about dependencies on other vendor components.
There is some postings in sci.crypt that while you see pervasive distribution of HTTPS support ... supposedly the percentage of web sites that actually offer up HTTPS (and SSL domain name server certificates) is around the one percent range.
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
