Re: VPN vs SSL client side certificates

• Previous message: Michael Sharman: "Re: VPN vs SSL client side certificates"
• In reply to: Michael Sharman: "Re: VPN vs SSL client side certificates"
• Next in thread: Michael Sharman: "Re: VPN vs SSL client side certificates"
• Reply: Michael Sharman: "Re: VPN vs SSL client side certificates"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 8 Sep 2005 08:56:52 +0200

In comp.security.misc Michael Sharman <msharman@internode.on.net> wrote:
> To lower the risk of password compromise I'm planning to use client side
> certificates to authenticate as well as the passwords, so that a
> stolen/cracked password isn't enough.

If you're authenticating the clients with certificates, authenticating the
server with a certificate, and have an SSL connection, then I cannot see,
why using passwords at all.

> Is a VPN useful given that I'm using SSL in this circumstance?

Maybe.

> What security does IPSEC provide that SSL doesn't?

Used in this way, tunnelling with IPSEC hides which service who is using.

> Would the IPSEC implementation in a firewall appliance be more trust
> worthy than Apache-SSL?

It depends.

F'up2here, because this is not ssh, what we're talking about.

Yours,
VB.

-- 
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
                                    Harald Schmidt zum "Weltjugendtag"

• Previous message: Michael Sharman: "Re: VPN vs SSL client side certificates"
• In reply to: Michael Sharman: "Re: VPN vs SSL client side certificates"
• Next in thread: Michael Sharman: "Re: VPN vs SSL client side certificates"
• Reply: Michael Sharman: "Re: VPN vs SSL client side certificates"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]