[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IPSP and Netscape



I've tried really hard to stay out of this, but this one is just too much.

The question is about IPSP, the swIPe-like IP level security protocol.

   From: "Kipp E.B. Hickman" <[email protected]>

   Name one router that speaks the secure protocols you are
   documenting? Name one PPP based bridge that does? Show me, today,
   what percentage of the Internet is covered by these standards?

   [ ... later ... ]

   My company's network hardware is typical. It is filled with
   expensive devices that don't understand IPSP or IPNG. In fact, most
   of the world is constructed this way.

The protocol does IP-within-IP encapsulation, which means that every
single router deployed is able to carry the secured traffic.

Now, this is not so egregious an error by itself (it is, but I'm being
polite), but coupled with the claims that SSL is better than anything
else out there, I see an argument from chauvinism rather than one from
knowledge.

Since IPSP works at the IP level rather than at the TCP level there
are protocol stacks that have to change.  This is not immediate.  It
may be that IPSP is not the quickest or best way to link security, but
that is not the point I am making here.  The original denial of IPSP's
potential utility was made in complete ignorance, ignorance so great
to lack even the most basic understanding of the subject at hand.

I cannot trust abbreviated arguments from such a source.  I can,
however, examine ones which are complete and well thought out and
demonstrate some understanding of tradeoffs.

Eric