Re: Protocol stack - disadvantages (revision)

From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 04/27/05

    Date: Tue, 26 Apr 2005 17:31:17 -0600
    
    

    another example ... also from the early/mid 90s ... about the same
    time as the switch-over to hierarchical routing was ipsec vis-a-vis
    SSL. ipsec was supposed to handle all the function ... totally
    encapsulated in the lower-level protocol levels.

    SSL came along at the application level and subsumed some amount of the
    function being projected (at the time) for ipsec. the whole
    certificate and public key stuff was supposed to be the lower-level
    function in ipsec (using publickey stuff to setup transport layer
    encrypted channel). SSL did all that ... but SSL in the
    application/browser implementation (w/o requiring anybody to change
    the machine's protocol stack and/or operating system) also used the
    same public key certificate to check whether the domain name typed
    into the browser was the same domain name on the certificate. in the
    ipsec scenario it would have been handled all at the lower level ...
    which had no idea what a person had typed in for a URL at the
    application layer. If the certificate had all been stripped away at the
    lower level ... the browser application would have had no way of
    comparing the domain name in the certificate to the domain name typed
    in as the URL.

    -- 
    Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
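
The comparison described in the message above, as an added example that is not part of the original post: the application-layer check has the typed URL to compare against the certificate's names, while a channel-only layer has just a peer address. The function names, the sample certificate and the address are constructed for illustration; chain validation is assumed to have happened already.

```python
from urllib.parse import urlsplit

# Constructed sample, in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.net")),
}

def cert_dns_names(cert):
    """DNS names the certificate speaks for (SAN first, CN only as fallback)."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return [n.lower().rstrip(".") for n in names]

def name_matches(pattern, host):
    """Exact match, or a '*' standing for exactly one leftmost label."""
    p, h = pattern.split("."), host.split(".")
    if p[0] == "*":
        return len(p) == len(h) and len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def browser_accepts(typed_url, cert):
    """Application-layer check: this layer knows what the user typed."""
    host = (urlsplit(typed_url).hostname or "").lower().rstrip(".")
    return bool(host) and any(name_matches(n, host) for n in cert_dns_names(cert))

def channel_only_accepts(peer_ip, cert):
    """Lower-layer view (hypothetical): it holds a peer address and a
    certificate (assumed already chain-validated) but no typed name, so it
    has nothing to compare the certificate's names against."""
    return bool(cert_dns_names(cert))

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a constructed peer IP.
    for url in ("https://www.example.com/login", "https://www.example.org/login"):
        print(url,
              "browser:", browser_accepts(url, SAMPLE_CERT),
              "channel-only:", channel_only_accepts("192.0.2.10", SAMPLE_CERT))
```
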
    
