[3590] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: dbts: Lions and TEMPESTs and Black Helicopters (Oh, My!)

daemon@ATHENA.MIT.EDU (Robert Hettinga)
Wed Nov 4 20:11:10 1998

Date: Wed, 4 Nov 1998 19:19:12 -0500
To: cryptography@c2.net
From: Robert Hettinga <rah@shipwright.com>


--- begin forwarded text


Date: Wed, 04 Nov 1998 18:35:25 -0500
From: Pete Loshin <pete@loshin.com>
MIME-Version: 1.0
To: Robert Hettinga <rah@shipwright.com>
CC: dcsb@ai.mit.edu
Subject: Re: dbts: Lions and TEMPESTs and Black Helicopters (Oh, My!)

> At 09:28 AM 11/3/98 -0800, EKR replied:
>
> >Uh... IPSEC _isn't_ faster or cheaper than SSL.
>
> Let me raise another possible problem with substituting IPSEC for SSL --
> does anyone *really* have an IPSEC implementation that interfaces as
> effectively with secure applications? ...

IPsec happens at the network layer, SSL between the transport layer and
the application layer. That means SSL provides a secure channel between
_processes_ and IPsec provides a secure channel between _network nodes_
(really, between network interfaces). IPsec doesn't really have anything
to do with applications--it's for encrypting and/or authenticating
_datagrams_ (aka _packets_).

IPsec, SSL (or something else at that layer) and application layer
encryption (a la PGP email or S-HTTP) all address different requirements
(IPsec==VPN, SSL==secure channel, S-HTTP==end-to-end application
encryption).

-pl

+---------------------------------------+
| Pete Loshin           pete@loshin.com |
|                                       |
| Editor, Corporate Internet Strategies |
|                                       |
|   _IPv6 Clearly Explained_ APP 1998   |
|  _TCP/IP Clearly Explained_ APP 1997  |
+---------------------------------------+

--- end forwarded text


-----------------
Robert A. Hettinga <mailto: rah@philodox.com>
Philodox Financial Technology Evangelism <http://www.philodox.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
home help back first fref pref prev next nref lref last post