Subject: | |
From: | |
Reply To: | [log in to unmask][log in to unmask]] > Sent: Thursday, December 28, 2000 8:30 AM > To: [log in to unmask]> Subject: Re: possible ER: bytestream support for DSCOPY? > > > I'm under the same impression, and it worries me a bit, as I quite > habitually use NS er DS ? for multiple sessions on multiple > boxes from one > terminal (ok, it's a Windoze PC, and this same scenario is > [...]60_28Dec200008:37: [log in to unmask] |
Date: | Fri, 22 Dec 2000 13:44:28 EST |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Mark Bixby rightly writes:
> The problem with SSH is that special clients and servers are required.
>
> It's a far cleaner solution to do security transparently at the IP
transport
> layer so that no applications have to be modified. This is the VPN
approach.
That is exactly correct. This is the right and proper place to put the
security process: at the transport layer. Security should be a process that
is completely invisible to everything above it [the various protocols (HTTP,
FTP, Telnet, etc.), and even higher yet, the application programs]. This is
the the simple and elegant solution.
> As was pointed out in another message in this thread, there are several VPN
> protocols to choose from. I think IPsec will eventually predominate here,
> and that it would be cool if MPE could support IPsec some day.
I wholly agree.
Wirt Atmar
|
|
|