Robert Moskowitz wrote:
>
> I have never liked the SSLvpn architecture. Never really liked the SSL
> handshake; just too chatty. I wear my biases quite plainly on my arm
> sleeve (I chaired the IPsec workgroup during the time the RFCs came
> out). You want security, go with IPsec. Even ESP NULL gives you per
> packet authentication and thus proof of server and client. Just pay the
> price for IKE, which I never liked. Part of the reason I invented HIP....
But ssl vpns work though just about any firewall/proxy/nat that already
permit https. Traversing those can be painful or impossible for ipsec.
--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
Re: regarding vpn server for 1500 clients
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: regarding vpn server for 1500 clients
- From: Les Mikesell <lesmikesell@xxxxxxxxx>
- Date: Tue, 23 Dec 2008 13:02:40 -0600
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <4951311C.7060509@xxxxxxxxxxxxxxx>
- References: <fa383761ffb286560653a6a5f36527eb.squirrel@xxxxxxxxxxxxxxxxxxxxxxx> <4951311C.7060509@xxxxxxxxxxxxxxx>
- User-agent: Thunderbird 2.0.0.19 (Windows/20081209)
- Follow-Ups:
- Re: regarding vpn server for 1500 clients
- From: Robert Moskowitz
- Re: regarding vpn server for 1500 clients
- References:
- regarding vpn server for 1500 clients
- From: dhaval . thakar
- Re: regarding vpn server for 1500 clients
- From: Robert Moskowitz
- regarding vpn server for 1500 clients
- Prev by Date: Re: regarding vpn server for 1500 clients
- Next by Date: Re: regarding vpn server for 1500 clients
- Previous by thread: Re: regarding vpn server for 1500 clients
- Next by thread: Re: regarding vpn server for 1500 clients
- Index(es):
 |