- <li><em>date</em>: Thu Feb 24 19:03:50 2005</li>
- <li><em>from</em>: mhw at wittsend.com (Michael H. Warfield)</li>
- <li><em>in-reply-to</em>: <<a href="msg00859.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00859.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] SSL-based VPNs (OpenVPN) vs IPSec</li>
> Anyone prefer SSL over IPSec? Found an interesting paper on OpenVPN Security ->
> <a rel="nofollow" href="http://www.sans.org/rr/papers/20/1459.pdf">http://www.sans.org/rr/papers/20/1459.pdf</a>
Personally, I would avoid an SSL-based VPN like the plague. There is
no "perfect forward secrecy" or rekeying and the session keys can be
determined from the PKI authentication keys (in other words, if you
compromise the key from either end, you can decrypt the traffic, which
is not the case with IPSec w/ PFS and Diffie-Hellman).
> _Raju
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | <a rel="nofollow" href="http://www.wittsend.com/mhw/">http://www.wittsend.com/mhw/</a>
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
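The distinction the reply draws, as an added example that is not part of the original message: a session key transported under a long-term key versus an ephemeral Diffie-Hellman exchange that the long-term key only signs. The toy primes, group and function names are constructed for this illustration and are not the actual handshake of OpenVPN or IPSec.

```python
import hashlib
import secrets

# Toy parameters constructed for this demo (Mersenne primes); far too small for real use.
RSA_P, RSA_Q, E = 2**61 - 1, 2**31 - 1, 65537
N = RSA_P * RSA_Q
D = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))   # long-term private key
DH_P, DH_G = 2**127 - 1, 3                   # toy Diffie-Hellman group


def digest_of(value):
    """Hash a public value down to an integer below N so it can be signed."""
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % N


def key_transport_session():
    """Client picks the session key and sends it encrypted under the long-term key."""
    session_key = secrets.randbits(64)
    recorded = {"enc_key": pow(session_key, E, N)}   # what a passive recorder sees
    return recorded, session_key


def ephemeral_dh_session():
    """Both sides use throwaway exponents; the long-term key only signs one share."""
    a = secrets.randbelow(DH_P - 2) + 1
    b = secrets.randbelow(DH_P - 2) + 1
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    recorded = {"A": A, "B": B, "sig": pow(digest_of(B), D, N)}
    session_key = pow(B, a, DH_P)
    assert session_key == pow(A, b, DH_P)   # both ends derive the same key
    return recorded, session_key            # a and b are discarded here


def signature_valid(recorded):
    """Check the recorded signature over B with the long-term public key."""
    return pow(recorded["sig"], E, N) == digest_of(recorded["B"])


def later_compromise(recorded, d):
    """Apply a long-term private key, obtained later, to every recorded field."""
    return {name: pow(value, d, N) for name, value in recorded.items()}


if __name__ == "__main__":
    rec, key = key_transport_session()
    print("key transport recovered:", later_compromise(rec, D)["enc_key"] == key)
    rec, key = ephemeral_dh_session()
    print("ephemeral DH recovered: ", key in later_compromise(rec, D).values())
```

In the second exchange the long-term key still authenticates the peer, but nothing in the recording is encrypted under it, so what remains for a recorder is the discrete-log problem on `A` and `B`.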
</body>
</html>