[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSP and Netscape




In article <[email protected]>, you write:
> I've tried really hard to stay out of this, but this one is just too much.
> 
> The question is about IPSP, the swIPe-like IP level security protocol.
> 
>    From: "Kipp E.B. Hickman" <[email protected]>
> 
>    Name one router that speaks the secure protocols you are
>    documenting? Name one PPP based bridge that does? Show me, today,
>    what percentage of the Internet is covered by these standards?
> 
>    [ ... later ... ]
> 
>    My company's network hardware is typical. It is filled with
>    expensive devices that don't understand IPSP or IPNG. In fact, most
>    of the world is constructed this way.
> 
> The protocol does IP-within-IP encapsulation, which means that every
> single router deployed is able to carry the secured traffic.
> 
> Now, this is not so egregious an error by itself (it is, but I'm being
> polite), but coupled with the claims that SSL is better than anything
> else out there, I see an argument from chauvinism rather than one from
> knowledge.
> 
> Since IPSP works at the IP level rather than at the TCP level there
> are protocol stacks that have to change.  This is not immediate.  It
> may be that IPSP is not the quickest or best way to link security, but
> that is not the point I am making here.  The original denial of IPSP's
> potential utility was made in complete ignorance, ignorance so great
> to lack even the most basic understanding of the subject at hand.
> 
> I cannot trust abbreviated arguments from such a source.  I can,
> however, examine ones which are complete and well thought out and
> demonstrate some understanding of tradeoffs.

I'm sorry you are so upset. :-(

IPSP was not in my vocabulary at the time of the first posting. Ignorance
was briefly bliss :^)

However, regardless of whether or not extant hardware is reusable,
there is still the not so small matter of software. Software for PC's,
MAC's and a host of UNIX machines before a workable secure network can
be constructed. It is a good thing that IPSP requires only software to
meet it's goals. This same property is true of SSL.

Finally, I never said that "SSL is better than anything out there". I
don't know who did. All I said is that "SSL is something", which isn't
really saying much. SSL is A solution to A set of problems, namely
privacy and authentication.

---------------------------------------------------------------------
Kipp E.B. Hickman          Netscape Communications Corp.
[email protected]              http://www.mcom.com/people/kipp/index.html