RootPrompt.org: Response to the feature on IPv6 vs. SSL
Jun 05, 2000, 16:54
(Other stories by Jeremey Barrett)
[ Thanks to Noel for this link. ]
"Reto Haeni's paper on IPv6 and SSL explains a number of fundamental differences between the two protocols but fails to communicate why they are different. It is also quite out of date (it appears to have been written in 1996) and as a result some of its facts are no longer true. The paper is misleading (though clearly not intentionally) due to its age and its failure to address the differences between SSL and IPv6 adequately."
"IPv6, or more to the point, IPsec is designed to provide host-to-host, subnet-to-subnet, and host-to-subnet encryption and authentication, as stated in Haeni's paper. Most often it is likely to be used in either a subnet-to-subnet model, where the goal is to encrypt the traffic between two networks, or host-to-subnet model, where the goal is to encrypt traffic from one machine to a network. The first model is typical of "virtual private networks," or VPNs, where two geographically separated networks in the same organization are connected to each other over the Internet by means of an encrypted IPsec tunnel. The second model is typical of "road warriors," workers on the road, who wish to securely connect to their organization's home network to access some service."
"IPsec is also critical for securing the Internet infrastructure by encrypting all traffic on the Net. If every gateway to a subnet is IPsec-enabled, then traffic between it and every other subnet can be encrypted and authenticated. This is important for data security, privacy, and prevention of many kinds of cracker attacks that happen now."