In article <199412130302.TAA00871@largo.remailer.net>, you write:
I've tried really hard to stay out of this, but this one is just too much.
The question is about IPSP, the swIPe-like IP level security protocol.
From: "Kipp E.B. Hickman" <kipp@warp.mcom.com>
Name one router that speaks the secure protocols you are documenting? Name one PPP based bridge that does? Show me, today, what percentage of the Internet is covered by these standards?
[ ... later ... ]
My company's network hardware is typical. It is filled with expensive devices that don't understand IPSP or IPNG. In fact, most of the world is constructed this way.
The protocol does IP-within-IP encapsulation, which means that every single router deployed is able to carry the secured traffic.
Now, this is not so egregious an error by itself (it is, but I'm being polite), but coupled with the claims that SSL is better than anything else out there, I see an argument from chauvinism rather than one from knowledge.
Since IPSP works at the IP level rather than at the TCP level there are protocol stacks that have to change. This is not immediate. It may be that IPSP is not the quickest or best way to link security, but that is not the point I am making here. The original denial of IPSP's potential utility was made in complete ignorance, ignorance so great as to lack even the most basic understanding of the subject at hand.
I cannot trust abbreviated arguments from such a source. I can, however, examine ones which are complete and well thought out and demonstrate some understanding of tradeoffs.
I'm sorry you are so upset. :-( IPSP was not in my vocabulary at the time of the first posting. Ignorance was briefly bliss :^)
However, regardless of whether or not extant hardware is reusable, there is still the not so small matter of software. Software for PC's, MAC's and a host of UNIX machines before a workable secure network can be constructed. It is a good thing that IPSP requires only software to meet its goals. This same property is true of SSL.
Finally, I never said that "SSL is better than anything out there". I don't know who did. All I said is that "SSL is something", which isn't really saying much. SSL is A solution to A set of problems, namely privacy and authentication.
---------------------------------------------------------------------
Kipp E.B. Hickman          Netscape Communications Corp.
kipp@mcom.com              http://www.mcom.com/people/kipp/index.html