On 6/8/20 10:24 AM, Nick Hilliard wrote:
> Michael Thomas wrote on 08/06/2020 17:59:
>> On 6/8/20 2:09 AM, Nick Hilliard wrote:
>>> in their current incarnations, transport mode ipsec and tcp-ao
>>> aren't deployable at scale in the same way that tls is.
>>
>> why would you say that? what layer the crypto is performed seems sort
>> of irrelevant: rsa, aes and sha don't care who calls them. i assume
>> that you can hack ipsec to emulate clients not having certs. what's
>> left?
>
> Usability? How about you put someone's granny in front of a computer
> and give her the simple task of transferring some data over tls, or
> tcp-ao, or ipsec. Any data would do, e.g a http GET, or a one-line
> message to her grand-daughter to say happy birthday.

Uh, why are you selling apps so short? An app is capable of making
library calls for TLS but incapable of making the OS calls for IPsec?
That's just silly.

The only reason, imo, that tls took hold is because it beat ipsec to the
market. By the time ipsec was well supported, nobody cared any more.

Mike