Michael Ströder wrote:
>
> Peter Stamfest wrote:
> >
> > * IPSec is hard to configure
>
> But please give us a reason why you believe that the configuration
> of "your solution" would be easier.

IPSec doesn't support multicast, doesn't support Mobile IP, etc.
It's a point-to-point solution between routers which isn't
particularly manageable, and misses the boat in the case of
wireless users with palmtop devices, who need to traverse
firewalls at home and via foreign agents.

Despite the fact that Sun didn't manage the politics of the IETF
working group very well, SKIP is still superior to ISAKMP/Oakley,
free (on *BSD, Linux, etc.) and there exists a reference implementation.

Now that PKI is slowly emerging from the shadows, SKIP might usefully
be extended to use X.509v3 certs instead of unsigned Diffie-Hellman,
include the new AES ciphers and hash, and use LDAP for retrieval
of credentials.