To: TimeToMakeTheInvs who wrote (2851 ) 6/25/1998 10:12:00 PM From: jttmab Respond to
You are correct in saying that there is a consensus recommendation to support IPSEC, though personally I don't share the enthusiasm. IPSEC has acknowledged problems both in security, such as the man-in-the-middle attack, as well as some implementation issues. For example, IPSEC hasn't yet addressed the multipath problem....in IP routing individual datagrams may take different paths, or routes along the network, if these paths involve other IPSEC compliant devices, keys will not likely be established for the session....Let's not also forget that IPSEC is a draft standard and IPSEC compliance is only deemed for a minimal set of poor security solutions such as 56-bit DES. Microsoft was responsible for PPTP, well known to be quite poor with respect to security; while the chief sponsor of SOCKS was NEC and does have the support of MS. You might find: aventail.com to be of interest in helping sort through these. (Note that the paper was prepared by Aventail, a SOCKS VPN vendor).
