TLS vs. IPsec (Was: Re: experiments in the ietf week)

To: "Hallam-Baker, Phillip" <pbaker at verisign.com>, Iljitsch van Beijnum <iljitsch at muada.com>
Subject: TLS vs. IPsec (Was: Re: experiments in the ietf week)
From: Jari Arkko <jari.arkko at piuha.net>
Date: Mon, 24 Mar 2008 19:58:48 +0200
Cc: IETF Discussion <ietf at ietf.org>
Delivered-to: ietfarch-ietf-web-archive at core3.amsl.com
Delivered-to: ietf at core3.amsl.com
In-reply-to: <2788466ED3E31C418E9ACC5C316615570850B7 at mou1wnexmb09.vcorp.ad.vrsn.com>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <200803160116.m2G1GAGv003720 at drugs.dv.isc.org><340BF503-AE02-420E-8AE8-C99DC38088C6 at muada.com><20080319053351.3A3621B947A at kilo.rtfm.com> <32F1E943-3069-451D-9EFC-E81244A46C4C at muada.com> <2788466ED3E31C418E9ACC5C316615570850B7 at mou1wnexmb09.vcorp.ad.vrsn.com>
Sender: ietf-bounces at ietf.org
User-agent: Thunderbird 1.5.0.14ubu (X11/20080306)

Phillip, Iljitsch,
 
> If you beleive that there is an attack that SSL is vulnerable to you
> should bring it up in TLS.

I think Iljitsch meant that TLS cannot protect against TCP
vulnerabilities, such as spoofed connection resets. This is obviously
well known.

The upside of TLS has of course been that its been extremely easy to
deploy. That's the experiment the planet has been running for the last
decade, and I think the results speak for themselves ;-)

Now, if we had a proposal that turned IPsec into as easily deployable
between random clients and known servers as TLS, I would be interested
in a new experiment! But I did not see a proposal for that yet. Maybe
time for that draft that Phillip suggested in another thread, Iljitsch?

Jari

_______________________________________________
IETF mailing list
IETF at ietf.org
https://www.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: TLS vs. IPsec (Was: Re: experiments in the ietf week)
  - From: Iljitsch van Beijnum

References:
- Re: experiments in the ietf week
  - From: Mark Andrews
- Re: experiments in the ietf week
  - From: Iljitsch van Beijnum
- Re: experiments in the ietf week
  - From: Eric Rescorla
- Re: experiments in the ietf week
  - From: Iljitsch van Beijnum
- RE: experiments in the ietf week
  - From: Hallam-Baker, Phillip

Prev by Date: Write an RFC Was: experiments in the ietf week
Next by Date: Re: Write an RFC Was: experiments in the ietf week
Previous by thread: RE: experiments in the ietf week
Next by thread: Re: TLS vs. IPsec (Was: Re: experiments in the ietf week)
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

TLS vs. IPsec (Was: Re: experiments in the ietf week)

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.