At 12:08 AM 10/10/03 +0800, Ng Pheng Siong wrote:
>I believe SSL VPNs are easier than IPsec to deploy 

For the former, you give a password or two --maybe
reuse a POP3 that your users already have-- and all your
users get in fairly securely, and you can verify them.  
Easy for them because they already have a browser.  

(And some browsers, I recently found out, will accept a self-cert
for life, as well as remember your passwords.  Can you guess
which company made that convenience-vs-security tradeoff?)

For IPsec, you have to walk each of them through
installing the stack, etc.  Not fun, esp on multiple

and operate for the road
>warrior accessing corporate resources. This may eventually restrict IPsec's
>utility to site-to-site tunneling (useful when, e.g., one wishes to run
>OSPF over the tunnel), which _should_ be far easier to configure without
>needing the help of some whizbang AI.

Things *should* get easier for IPsec when its part of the "default"
client system, whether *nix or otherwise.  Then everything reverts
back to simple :-) key management.

He say "I know you, you know me"
He got x509 he got intrusion detection
He got secure DNS he got spam filter
He say "One and one and one is three"
Got to be spoofed 'cause he's so hard to see 

>From Link Together
J0hn L3nn0n

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to