On 19 mrt 2008, at 1:46, Eric Rescorla wrote:
A more interesting experiment would be to do away with SSL for a bit
and use IPsec instead.
Why would this be either interesting or desirable?
SSL is vulnerable to more attacks than IPsec and IPsec is more general
than SSL. As such it would be good if we could have IPsec deployment
similar to SSL deployment, similar to how it would be good to have
IPv6 rather than IPv4 deployment, so a similar experiment could be
useful in showing what if any the reasons are we're still stuck with
the inferior SSL/TLS technology.
IETF mailing list