1994-12-13 - Re: IPSP and Netscape

Header Data

From: “Kipp E.B. Hickman” <kipp@warp.mcom.com>
To: perry@imsi.com
Message Hash: 5fffd407bf2c418ec19a5c1c2c0b117e4312f7190b4719d947a61911e9484df2
Message ID: <9412131057.ZM18561@warp.mcom.com>
Reply To: <9412131849.AA12640@snark.imsi.com>
UTC Datetime: 1994-12-13 18:59:28 UTC
Raw Date: Tue, 13 Dec 94 10:59:28 PST

Raw message

From: "Kipp E.B. Hickman" <kipp@warp.mcom.com>
Date: Tue, 13 Dec 94 10:59:28 PST
To: perry@imsi.com
Subject: Re: IPSP and Netscape
In-Reply-To: <9412131849.AA12640@snark.imsi.com>
Message-ID: <9412131057.ZM18561@warp.mcom.com>
MIME-Version: 1.0
Content-Type: text/plain


On Dec 13,  1:49pm, Perry E. Metzger wrote:
> Subject: Re: IPSP and Netscape
>
> Kipp E.B. Hickman says:
> > I'm sorry you are so upset. :-(
> >
> > IPSP was not in my vocabulary at the time of the first posting. Ignorance
> > was briefly bliss :^)
>
> My complaint about Netscape is that you guys haven't been reading
> about what others have done. I understand your desire to get things
> done quickly, but you are making assumptions about whats out there and
> what works that aren't warranted.

I think you may have jumped to a conclusion here that is unwarranted. We are a
small company with limited experience and capacity. We did what we thought was
appropriate, however it may seem now.

> > However, regardless of whether or not extant hardware is reusable,
> > there is still the not so small matter of software. Software for PC's,
> > MAC's and a host of UNIX machines before a workable secure network can
> > be constructed.
>
> Certainly. SSL would also require software for all those platforms --
> its no different in this regard.

True. However, we have found a way to get it to the masses quickly. System
software is inherently more difficult to distribute, and consequently takes
more time. When I was doing operating system work at SGI, it was often a year
before the customer base would see the fruits of my labor. However, with
Netscape, things are faster and it is easier to get people to load an
"application" than it is to load a new winsock/kernel. The delivery vehicle is
very important to  the marketplace.

In my mind, SSL and IPSP are two solutions with very similar properties.
However, SSL can be implemented at the application layer. I'm not certain if
IPSP can, and I'm also not certain that if it could, people would be as happy
with it.

A (probably naive) question: If IPSP is essentially "tunnelling", don't
sysadmin's and the like get concerned that now their fancy routers etc. can no
longer shield certain classes of unwanted traffic?

> > Finally, I never said that "SSL is better than anything out there". I
> > don't know who did. All I said is that "SSL is something", which isn't
> > really saying much. SSL is A solution to A set of problems, namely
> > privacy and authentication.
>
> Privacy and authentication are also provided by IPSP. However, IPSP
> provides all sorts of advantages -- immunity from traffic analysis, no
> requirement to change the way an application operates to start using
> it, protection of the entire IP stack (not just TCP sockets), very
> minimal changes required to applications that want to use the
> information provided by the IPSP layer for authentication (and no need
> to change your read or write calls or anything), etc, etc, etc.

These are all good properties. As with any technology, it takes time to deploy.
When these capabilities are the norm instead of the rarity, SSL will no longer
be needed, except as a compatability crutch.


-- 
---------------------------------------------------------------------
Kipp E.B. Hickman          Netscape Communications Corp.
kipp@mcom.com              http://www.mcom.com/people/kipp/index.html







Thread