Encryption Above TCP

• Most important Internet applications run atop TCP

  • web browsing, remote login, mail transfer, etc

• Much easier to install without OS vendor help

  • usually runs in user space
    • SSL included in Netscape and IE
  • TCP/IP usually implemented in OS kernel, requiring kernel modifications for IPSec

• Fine-grained (per user) security easy to do

  • fine-grained security in IPSec significantly complicated spec and delayed implementation by years

• No protection for transport headers

Previous slide

Next slide

Back to first slide

View graphic version