ietf-asrg
[Top] [All Lists]

RE: [Asrg] Spam Control Complexity -- scaling, adoption, diversit y and scenarios

2003-04-20 19:09:36

Need more proof?
    IPSEC - Has failed in its design niche, currently losing
            ground to SSL based VPNs which work better through
            NAT
    DNSSEC - Still a theory
    IPv6 - Still a theory

Hmm. I use IPSec-based VPN every day, and it works fine via my cheap 
NAT box without my having to do any reconfiguration at all. 
I've never 
seen an SSL-based VPN system.

Neither did I until I went to RSA last week and saw them on ten 
different stands with analysts from Gartner et. al. predicting they 
will soon dominate.

Incidentally the reason your IPSEC VPN works through NAT is because
your NAT box is doing special handling for the IPSEC protocol. I had
to replace my NAT box to get the IPSEC VPN to work, the handling code
required is pretty ugly. This could all be avoided, however at the
time the voice of the IAB was 'IPSEC is unfriendly to NAT, some do not
consider this to be an undesirable state of affairs' - sniggers from
the IPSEC working group listening.


I've also not seen any use of PKI, bar certificates on web sites for 
SSL.

Perhaps you havent used a DOCSIS II cable modem, or a WAP phone or
a recent Intel chipset... Hint, PKI is rather better if you do not
see it.

                Phill 
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>