tcp/routing question...

Felipe Alfaro Solana felipe.alfaro at gmail.com
Tue Jun 7 20:13:52 UTC 2005


On 6/7/05, bruce <bedouglas at earthlink.net> wrote:
> matt...
> 
> If I understand them both, SSL/IPsec are essentially the same thing, i.e. the
> ability to create a secure connection between two points...

No... SSL operates at a higher level in the TCP/IP protocol stack. To
be more concrete, SSL is an application-level protocol, whereas IPSec
operates at the network level. IPSec can be configured to set up an
encrypted and/or authenticated link between two peers, or in tunnel
mode, where IP datagrams coming from several client machines get
multiplexed, encapsulated, encrypted and/or authenticated, then sent
over a "tunnel" over a public IP network to the tunnel endpoint, where
the process is reversed and the decapsulated packet delivered to its
target.

SSL is an application service, an end-to-end encrypted/authenticated
link between application peers, and thus the protocol or application
must explicitly support it (although there are tricks like using
stunnel). IPSec encrypts/authenticates a whole link (or parts of a
link) and it is application-transparent: you can implement an
IPSec-protected link and have SSL-unfriendly or SSL-disabled
applications or protocols get automatic encryption/authentication via
IPSec features.
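
The layering point in the reply can be seen on the wire: IPsec announces itself in the IP header's protocol field (ESP is protocol 50, AH is 51), so whatever rides behind it is protected without the application's involvement, whereas SSL/TLS is only visible as a record header inside the TCP payload of a connection whose application chose to speak it. The following classifier is an added example written for this page, not code from the list or from any IPsec/SSL implementation; the packets it inspects are constructed inline (hypothetical 10.0.0.x addresses, zeroed checksums) so it runs offline.

```python
"""Decide, from a raw IPv4 packet, at which layer its protection lives.

Added illustration, not from the mailing-list post. Sample packets are
constructed below with zero checksums and hypothetical addresses.
"""
import struct

IPPROTO_TCP = 6
IPPROTO_ESP = 50   # RFC 4303 Encapsulating Security Payload
IPPROTO_AH = 51    # RFC 4302 Authentication Header
# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {20, 21, 22, 23}


def build_ipv4(proto, payload, src=(10, 0, 0, 1), dst=(10, 0, 0, 2)):
    """Minimal IPv4 header (IHL 5, no options, checksum left zero) + payload."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         bytes(src), bytes(dst))
    return header + payload


def build_tcp(sport, dport, payload):
    """Minimal TCP header (data offset 5, PSH|ACK, checksum zero) + payload."""
    header = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return header + payload


def classify(packet):
    """Return 'ipsec-network-layer', 'tls-application-layer', 'unprotected',
    or a diagnostic string for packets that cannot be parsed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto in (IPPROTO_ESP, IPPROTO_AH):
        # Everything after the IP header belongs to IPsec; the application
        # behind it did nothing special to obtain encryption/authentication.
        return "ipsec-network-layer"
    if proto != IPPROTO_TCP:
        return "unprotected"
    tcp = packet[ihl:]
    if len(tcp) < 20:
        return "truncated"
    data_offset = (tcp[12] >> 4) * 4
    app = tcp[data_offset:]
    # A TLS record begins: content type, then version 0x03 0x0X, then length.
    if (len(app) >= 5 and app[0] in TLS_CONTENT_TYPES
            and app[1] == 0x03 and app[2] <= 0x04):
        return "tls-application-layer"
    return "unprotected"


def build_samples():
    """Constructed packets: a TLS handshake record, a plaintext HTTP request,
    and an ESP-wrapped datagram (SPI + sequence number + opaque payload)."""
    tls_record = b"\x16\x03\x01\x00\x05" + b"\x01\x00\x00\x01\x03"
    http_request = b"GET / HTTP/1.0\r\n\r\n"
    esp_payload = struct.pack("!II", 0x1234, 1) + b"\xde\xad\xbe\xef" * 4
    return {
        "tls": build_ipv4(IPPROTO_TCP, build_tcp(40000, 443, tls_record)),
        "http": build_ipv4(IPPROTO_TCP, build_tcp(40001, 80, http_request)),
        "esp": build_ipv4(IPPROTO_ESP, esp_payload),
    }


def classify_samples():
    return {name: classify(pkt) for name, pkt in build_samples().items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:5s} -> {verdict}")
```

Note that the HTTP packet is reported as unprotected even though, under IPsec, that same application traffic would be carried inside the ESP sample's opaque payload; the classifier never has to understand the application to see the network-layer protection, which is exactly the transparency the reply describes.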
