Re: Setting up VPN's
On Fri, 16 May 2003, Noah Meyerhans wrote:
> I don't think it's possible to *need* opportunistic encryption. By its
> very nature it's unreliable. You have no guarantee that you've got an
> IPsec session with a given host, so you really can't rely on
> opportunistic encryption to provide you with any security.
Very true.
The point of opportunistic encryption is to increase the use of IPsec
net-wide. The general idea being that, if two random hosts can, they
should without manual intervention. I think this is a great goal, in
the general sense, much like opportunistic compression to save
bandwidth, as seen in such things as mod_gzip for Apache.
-j
--
Jamie Lawrence jal@jal.org
Give a man a match, and he'll be warm for a minute, but set him on
fire, and he'll be warm for the rest of his life.
Reply to: