---

RootPrompt.org: Response to the feature on IPv6 vs. SSL

[ Thanks to Noel for this link. ]

Reto Haeni’s paper on IPv6 and SSL explains a number of
fundamental differences between the two protocols but fails to
communicate why they are different. It is also quite out of date
(it appears to have been written in 1996) and as a result some of
its facts are no longer true. The paper is misleading (though
clearly not intentionally) due to its age and its failure to
address the differences between SSL and IPv6 adequately.

“IPv6, or more to the point, IPsec is designed to provide
host-to-host, subnet-to-subnet, and host-to-subnet encryption and
authentication, as stated in Haeni’s paper. Most often it is likely
to be used in either a subnet-to-subnet model, where the goal is to
encrypt the traffic between two networks, or host-to-subnet model,
where the goal is to encrypt traffic from one machine to a network.
The first model is typical of “virtual private networks,” or VPNs,
where two geographically separated networks in the same
organization are connected to each other over the Internet by means
of an encrypted IPsec tunnel. The second model is typical of “road
warriors,” workers on the road, who wish to securely connect to
their organization’s home network to access some service.”

“IPsec is also critical for securing the Internet infrastructure
by encrypting all traffic on the Net. If every gateway to a subnet
is IPsec-enabled, then traffic between it and every other subnet
can be encrypted and authenticated. This is important for data
security, privacy, and prevention of many kinds of cracker attacks
that happen now.”

Complete Story
