[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: swIPe abstract (was Re: raptor encryption)
From:       peter () baileynm ! com (Peter da Silva)
Date:       1997-07-21 8:42:29
[Download RAW message or body]

> > Oh yes. IPsec is really taking off like wildfire, isn't it?

> Humorous, but care to speculate as to why it isn't wide-spread at this
> point?

A freely available good-enough implementation is better than an ideal
implementation that requires application changes.

> Is ssh the alternative these days?

ssh is good-enough. It's not a true IP tunnel, like swIPe or AltaVista/PPTP/...
it's more like a distributed proxy arrangement. But for a lot of purposes
that's as good, and for others it's even better for the same reason that a
proxy is easier to implement securely than a packet filter.

swIPe could possibly do the job, if a standard for wrapping RSA or D-H key
exchange over its private-key encryption model could be agreed on.

[prev in list] [next in list] [prev in thread] [next in thread]