On Dec 13, 1:49pm, Perry E. Metzger wrote:
Subject: Re: IPSP and Netscape
Kipp E.B. Hickman says:
I'm sorry you are so upset. :-(
IPSP was not in my vocabulary at the time of the first posting. Ignorance was briefly bliss :^)
My complaint about Netscape is that you guys haven't been reading about what others have done. I understand your desire to get things done quickly, but you are making assumptions about whats out there and what works that aren't warranted.
I think you may have jumped to a conclusion here that is unwarranted. We are a small company with limited experience and capacity. We did what we thought was appropriate, however it may seem now.
However, regardless of whether or not extant hardware is reusable, there is still the not so small matter of software. Software for PC's, MAC's and a host of UNIX machines before a workable secure network can be constructed.
Certainly. SSL would also require software for all those platforms -- its no different in this regard.
True. However, we have found a way to get it to the masses quickly. System software is inherently more difficult to distribute, and consequently takes more time. When I was doing operating system work at SGI, it was often a year before the customer base would see the fruits of my labor. However, with Netscape, things are faster and it is easier to get people to load an "application" than it is to load a new winsock/kernel. The delivery vehicle is very important to the marketplace. In my mind, SSL and IPSP are two solutions with very similar properties. However, SSL can be implemented at the application layer. I'm not certain if IPSP can, and I'm also not certain that if it could, people would be as happy with it. A (probably naive) question: If IPSP is essentially "tunnelling", don't sysadmin's and the like get concerned that now their fancy routers etc. can no longer shield certain classes of unwanted traffic?
Finally, I never said that "SSL is better than anything out there". I don't know who did. All I said is that "SSL is something", which isn't really saying much. SSL is A solution to A set of problems, namely privacy and authentication.
Privacy and authentication are also provided by IPSP. However, IPSP provides all sorts of advantages -- immunity from traffic analysis, no requirement to change the way an application operates to start using it, protection of the entire IP stack (not just TCP sockets), very minimal changes required to applications that want to use the information provided by the IPSP layer for authentication (and no need to change your read or write calls or anything), etc, etc, etc.
These are all good properties. As with any technology, it takes time to deploy. When these capabilities are the norm instead of the rarity, SSL will no longer be needed, except as a compatability crutch. -- --------------------------------------------------------------------- Kipp E.B. Hickman Netscape Communications Corp. kipp@mcom.com http://www.mcom.com/people/kipp/index.html