[16659] in cryptography@c2.net mail archive
OpenVPN and "SSL VPNs"
daemon@ATHENA.MIT.EDU (Stefan Mink)
Fri Jan 7 16:28:17 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 07 Jan 2005 13:59:14 +0100
From: Stefan Mink <mink@schlund.net>
To: cryptography@metzdowd.com
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigE5908779951F2EA568FDCCC6
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Hi,
I already stumbled several times over OpenVPN but never
had the time to look at it in detail. Now I had but didn't
find many infos except "many lucky users" and few negative
outputs.
I have two open points:
a) It would be good to hear from this community if there
are any negative aspects of OpenVPN (vs. IPsec VPNs).
b) I still have a problem with the term "SSL/TLS VPN". What
OpenVPN seems to do is use SSL for authentication and
key exchange/rekeying, but does use "ESP similar"
data protection schemes/formats. Does the usage of
SSL on a "control plane" make OpenVPN an "SSL VPN"?
This sounds to me like calling something a car just
because it uses a steering wheel... So far I thought
about SSL VPNs as doing everything over SSL (with
the known disadvantages...).
tschuess
Stefan Mink
--
Stefan Mink, Schlund+Partner AG (AS 8560)
Primary key fingerprint: 389E 5DC9 751F A6EB B974 DC3F 7A1B CF62 F0D4 D2BA
--------------enigE5908779951F2EA568FDCCC6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB3oelehvPYvDU0roRAjbqAKCzkh3G3k+3iVwV96CbHzjtCHFOXACg29Gt
5Y7RvGoWKi0AQ9u5wZvhiEY=
=DeeF
-----END PGP SIGNATURE-----
--------------enigE5908779951F2EA568FDCCC6--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
