From: kipp@warp.mcom.com (Kipp E.B. Hickman)
To: eric@remailer.net
Message Hash: d160db112701ec169346b8052a37c918a2c9ee6fbcdb1df8b1365256e6af7945
Message ID: <9412131807.AA18482@warp.mcom.com>
Reply To: N/A
UTC Datetime: 1994-12-13 18:18:06 UTC
Raw Date: Tue, 13 Dec 94 10:18:06 PST
Subject: Re: IPSP and Netscape
In article <199412130302.TAA00871@largo.remailer.net>, you write:
> I've tried really hard to stay out of this, but this one is just too much.
>
> The question is about IPSP, the swIPe-like IP level security protocol.
>
> From: "Kipp E.B. Hickman" <kipp@warp.mcom.com>
>
> Name one router that speaks the secure protocols you are
> documenting? Name one PPP based bridge that does? Show me, today,
> what percentage of the Internet is covered by these standards?
>
> [ ... later ... ]
>
> My company's network hardware is typical. It is filled with
> expensive devices that don't understand IPSP or IPNG. In fact, most
> of the world is constructed this way.
>
> The protocol does IP-within-IP encapsulation, which means that every
> single router deployed is able to carry the secured traffic.
>
> Now, this is not so egregious an error by itself (it is, but I'm being
> polite), but coupled with the claims that SSL is better than anything
> else out there, I see an argument from chauvinism rather than one from
> knowledge.
>
> Since IPSP works at the IP level rather than at the TCP level there
> are protocol stacks that have to change. This is not immediate. It
> may be that IPSP is not the quickest or best way to link security, but
> that is not the point I am making here. The original denial of IPSP's
> potential utility was made in complete ignorance, ignorance so great
> to lack even the most basic understanding of the subject at hand.
>
> I cannot trust abbreviated arguments from such a source. I can,
> however, examine ones which are complete and well thought out and
> demonstrate some understanding of tradeoffs.

I'm sorry you are so upset. :-(

IPSP was not in my vocabulary at the time of the first posting. Ignorance
was briefly bliss :^)

However, regardless of whether or not extant hardware is reusable,
there is still the not so small matter of software. Software for PC's,
MAC's and a host of UNIX machines before a workable secure network can
be constructed. It is a good thing that IPSP requires only software to
meet its goals. This same property is true of SSL.

Finally, I never said that "SSL is better than anything out there". I
don't know who did. All I said is that "SSL is something", which isn't
really saying much. SSL is A solution to A set of problems, namely
privacy and authentication.

---------------------------------------------------------------------
Kipp E.B. Hickman Netscape Communications Corp.
kipp@mcom.com http://www.mcom.com/people/kipp/index.html