Thor Lancelot Simon wrote:
It's fashionable in some circles (including, it seems, this one) to bash
IPsec (particularly IKE) and tout SSL VPNs (particularly OpenVPN) on what
are basically user interface grounds.
I cannot help repeatedly noting that -- I believe more so than with actual
IPsec
I've periodically posted that certain assumptions were made about safe
SSL deployment for electronic commerce that were almost immediately
invalidated.
The original assumptions assumed that the enduser knew the binding
between the webserve that they thot they were talking to and the