funsec mailing list archives
Re: Gartner: IPsec Dead by 2008
From: Erik Fichtner <emf () nfr net>
Date: Mon, 16 Jan 2006 15:13:10 -0500
Fergie wrote:
Huh. That's news to me. :-) I'd be curious to hear what others think about this...
At first blush, "Good!" comes to mind.

IPsec/IKE is terrifically complicated and is serious overkill when deployed as "The Technology That People Want"(tm); which is to say the traditional many-to-one remote access solution. SSL-"VPN"'s are filling telnet's shoes-- shoes that telnet took away from RS232 technologies (terminals, modems, teletypes, oh my.) IPsec is no good for that remote access. Baking or grafting TUNNEL mode IPsec into every end node was a mistake.

TRANSPORT mode IPsec is a great tool for building secure LANs out of. TUNNEL IPsec is a great tool for connecting sites together. Most of "us" don't have that kind of network, though.[1]

At my previous job, we were phasing out IPsec towards SSL when I left.[2] I'm using an SSL connection right now. From my POV, Gartner's predicting the past.

Gartner's no good with forecasting dates, though, so I'd pad it to 2010, since there are still sites that have managed to flog IPsec/IKE TUNNEL into just barely working as long as they don't poke it too often, and as those break down; they tend to convert to easier answers; SSL-blick. Network admins will still use IPsec, as it's the best tool for their job.

[1] I've got a small experimental net at the house that requires transport ipsec to pass packets from node to node. IPsec interoperability falls somewhere between "Sucks" and "Doesn't". ;-) I can't imagine trying to do that in a real production environment.

[2] niche-market hosting provider.

--
Erik Fichtner
NFR Rapid Response Team
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Gartner: IPsec Dead by 2008 Fergie (Jan 16)
- Re: Gartner: IPsec Dead by 2008 Dude VanWinkle (Jan 16)
- Re: Gartner: IPsec Dead by 2008 TheGesus (Jan 16)
- Re: Gartner: IPsec Dead by 2008 Florian Weimer (Jan 17)
- Re: Gartner: IPsec Dead by 2008 Anton Chuvakin (Jan 27)
- Re[2]: Gartner: IPsec Dead by 2008 Pierre Vandevenne (Jan 28)
- Re: Gartner: IPsec Dead by 2008 Florian Weimer (Jan 17)
- Re: Gartner: IPsec Dead by 2008 Erik Fichtner (Jan 16)
- Re: Gartner: IPsec Dead by 2008 Florian Weimer (Jan 17)
- Re: Gartner: IPsec Dead by 2008 John Levine (Jan 16)
- RE: Gartner: IPsec Dead by 2008 William Lefkovics (Jan 16)