On 24 Mar 2008, at 18:58, Jari Arkko wrote:

> Now, if we had a proposal that turned IPsec into as easily deployable
> between random clients and known servers as TLS, I would be interested
> in a new experiment! But I did not see a proposal for that yet. Maybe
> time for that draft that Phillip suggested in another thread,
> Iljitsch?

I'm afraid that won't work because of scheduling conflicts if I wanted to present such a draft to the appropriate SEC area WG...

A quick s/TLS/IPsec/g isn't realistic, but I would certainly be interested in seeing one or more IETF services use some kind of IPsec protection in order to see if this is workable in practice. There are APIs that allow applications to set this up on a per-application basis, unless I'm mistaken.

And yes, the issues I referred to are DoS and TCP spoofing. These can only be protected against at the network level. Encryption can, and therefore probably should, be handled at the transport level. (That is not to say that authentication at the network level is entirely useless, just that it can protect against more stuff at the network level.)
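The per-application IPsec API the message alludes to, as an added example that is not part of the original thread and not code from any of the participants: on Linux an application can attach an IPsec policy to a single socket with the IP_XFRM_POLICY socket option, so the protection is requested by the program rather than by a system-wide SPD entry. The message names no specific API; the Linux xfrm interface, the choice of TCP port 443, the CAP_NET_ADMIN requirement and the assumption that a security association is negotiated separately (by an IKE daemon or `ip xfrm state`) are all assumptions of this example. It also illustrates the network-layer point made in the message: once the inbound policy with a mandatory ESP template is installed, a spoofed cleartext TCP segment matching the selector is discarded by the policy check before TCP ever sees it.

```c
/*
 * Added example (not from the original mailing-list thread): request IPsec
 * protection for one socket through the Linux xfrm per-socket policy API.
 * Assumptions: Linux with the xfrm_user key manager, CAP_NET_ADMIN, and an
 * SA provided separately (IKE daemon or `ip xfrm state`).
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>      /* must precede linux/xfrm.h for in6_addr compat */
#include <unistd.h>
#include <linux/xfrm.h>

#ifndef IP_XFRM_POLICY
#define IP_XFRM_POLICY 17    /* Linux UAPI value; not every libc exports it */
#endif

/* Policy header plus exactly one template (ESP, transport mode). */
struct sock_policy {
    struct xfrm_userpolicy_info info;
    struct xfrm_user_tmpl       tmpl;
};

/*
 * Build a per-socket policy for one direction: IPv4 TCP traffic to/from
 * peer_port must be carried in ESP transport mode. Outbound matches the peer
 * as destination port, inbound matches it as source port.
 */
struct sock_policy build_esp_policy(uint8_t dir, uint16_t peer_port)
{
    struct sock_policy p;
    memset(&p, 0, sizeof p);

    /* Selector: any IPv4 address pair (prefixlen 0), TCP, exact peer port. */
    p.info.sel.family = AF_INET;
    p.info.sel.proto  = IPPROTO_TCP;
    if (dir == XFRM_POLICY_OUT) {
        p.info.sel.dport      = htons(peer_port);
        p.info.sel.dport_mask = 0xffff;
    } else {
        p.info.sel.sport      = htons(peer_port);
        p.info.sel.sport_mask = 0xffff;
    }

    /* No byte/packet limits: the policy lives as long as the socket. */
    p.info.lft.soft_byte_limit   = XFRM_INF;
    p.info.lft.hard_byte_limit   = XFRM_INF;
    p.info.lft.soft_packet_limit = XFRM_INF;
    p.info.lft.hard_packet_limit = XFRM_INF;

    p.info.dir    = dir;
    p.info.action = XFRM_POLICY_ALLOW;   /* allow, but only via the template */
    p.info.share  = XFRM_SHARE_ANY;

    /* Template: ESP, transport mode, mandatory (optional = 0), any algorithm. */
    p.tmpl.id.proto = IPPROTO_ESP;
    p.tmpl.family   = AF_INET;
    p.tmpl.mode     = XFRM_MODE_TRANSPORT;
    p.tmpl.optional = 0;
    p.tmpl.aalgos   = ~0u;
    p.tmpl.ealgos   = ~0u;
    p.tmpl.calgos   = ~0u;
    return p;
}

/*
 * Attach the policy to an AF_INET socket. Returns 0 on success or -errno:
 * EPERM without CAP_NET_ADMIN, EOPNOTSUPP without a key manager loaded.
 * IPv6 sockets use IPPROTO_IPV6 / IPV6_XFRM_POLICY instead.
 */
int apply_socket_policy(int fd, const struct sock_policy *p)
{
    unsigned char buf[sizeof p->info + sizeof p->tmpl];
    /* Copy the two parts separately so struct padding cannot shift the template. */
    memcpy(buf, &p->info, sizeof p->info);
    memcpy(buf + sizeof p->info, &p->tmpl, sizeof p->tmpl);
    if (setsockopt(fd, IPPROTO_IP, IP_XFRM_POLICY, buf, sizeof buf) < 0)
        return -errno;
    return 0;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) { perror("socket"); return 1; }

    struct sock_policy out = build_esp_policy(XFRM_POLICY_OUT, 443);
    struct sock_policy in  = build_esp_policy(XFRM_POLICY_IN, 443);
    int r1 = apply_socket_policy(fd, &out);
    int r2 = apply_socket_policy(fd, &in);
    printf("outbound policy: %s\n", r1 ? strerror(-r1) : "installed");
    printf("inbound policy:  %s\n", r2 ? strerror(-r2) : "installed");
    /* With both installed, connect() to port 443 raises an ACQUIRE to the
       registered key manager; the kernel never sends the flow in the clear,
       and inbound cleartext segments matching the selector are dropped. */
    close(fd);
    return 0;
}
```

Run as root (or with CAP_NET_ADMIN) on a host with an IKE daemon listening for ACQUIRE messages; without privilege the calls fail with EPERM, which is the kernel refusing to let an unprivileged program dictate IPsec policy.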