by benmmurphy
3408 days ago
i have a slightly different opinion of ipsec vs tls and this is probably mostly formed because it is being 'abused' where we use it. so we have a bunch of point to point connections to other companies and all of these companies, except for one that uses http as its protocol, have chosen to use ipsec to protect the connections. i believe it would be much better operationally and in terms of security if these connections were protected by TLS instead. have a look at how 'rekeying' is done. look at the numerous bugs in strongswan issue tracker related to this. the whole protocol is a shit show and it is really surprising that anything actually works between different vendors.