On 6/7/05, bruce <bedouglas@xxxxxxxxxxxxx> wrote:
> matt...
>
> if i understand them both, ssl/ipsec are essentially the same thing, ie the
> ability to create a secure connection between two points...

No... SSL operates at a higher level in the TCP/IP protocol stack. To be more concrete, SSL is an application-level protocol, whereas IPSec operates at the network level.

IPSec can be configured to set up an encrypted and/or authenticated link between two peers, or in tunnel mode, where IP datagrams coming from several client machines get multiplexed, encapsulated, encrypted and/or authenticated, then sent over a "tunnel" over a public IP network to the tunnel endpoint, where the process is reversed and the decapsulated packet is delivered to its target.

SSL is an application service, an end-to-end encrypted/authenticated link between application peers, and thus the protocol or application must explicitly support it (although there are tricks like using stunnel). IPSec encrypts/authenticates a whole link (or parts of a link) and it is application-transparent: you can implement an IPSec-protected link and have SSL-unfriendly or SSL-disabled applications or protocols get automatic encryption/authentication via IPSec features.
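The tunnel-mode encapsulation described in the reply, as an added illustration that is not part of the original message: the whole inner IP datagram (here a plain-text, non-SSL application payload) is wrapped in an ESP header and trailer, covered by an integrity check, and carried between two gateway addresses, so the application never sees the protection. It uses ESP framing from RFC 4303 with NULL encryption and a truncated HMAC-SHA256 ICV (an authenticated-only SA, as in RFC 4868); the gateway addresses, key and IP checksum handling are constructed for the example.

```python
"""ESP tunnel-mode framing (RFC 4303), NULL encryption, HMAC-SHA256-128 ICV.
Added example: constructed addresses/key, IP checksums left zero."""
import hmac, hashlib, struct

ICV_LEN = 16                    # RFC 4868 truncates HMAC-SHA-256 to 128 bits
IPPROTO_ESP, IPPROTO_IPIP = 50, 4   # ESP; inner IPv4 ("IP-in-IP") next header

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (TTL 64, header checksum left 0)."""
    total = 20 + payload_len
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                       bytes(map(int, src.split("."))),
                       bytes(map(int, dst.split("."))))

def esp_tunnel_encapsulate(inner_datagram, spi, seq, key, gw_src, gw_dst):
    """Outer IP | ESP(SPI, seq) | whole inner datagram | trailer | ICV."""
    # Trailer pads so that pad-length + next-header end on a 4-byte boundary.
    pad_len = (-(len(inner_datagram) + 2)) % 4
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, IPPROTO_IPIP])
    esp = struct.pack("!II", spi, seq) + inner_datagram + trailer
    # ICV covers ESP header, payload and trailer, never the outer IP header.
    esp += hmac.new(key, esp, hashlib.sha256).digest()[:ICV_LEN]
    return ipv4_header(gw_src, gw_dst, IPPROTO_ESP, len(esp)) + esp

def esp_tunnel_decapsulate(packet, key):
    """Tunnel endpoint: verify ICV, strip framing, return (spi, seq, inner)."""
    esp = packet[20:]
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP ICV check failed: packet modified or wrong SA")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_hdr = body[-2], body[-1]
    if next_hdr != IPPROTO_IPIP:
        raise ValueError("next header %d is not an IPv4 datagram" % next_hdr)
    return spi, seq, body[8:-(2 + pad_len)]

if __name__ == "__main__":
    key = b"constructed-shared-key"
    # Client 10.0.1.5 talks to server 10.0.2.9 over a protocol with no SSL.
    inner = ipv4_header("10.0.1.5", "10.0.2.9", 6, 10) + b"USER alice"
    pkt = esp_tunnel_encapsulate(inner, 0x1000, 1, key, "192.0.2.1", "198.51.100.1")
    print("outer proto", pkt[9], "outer src", list(pkt[12:16]))   # 50, gateway
    print(esp_tunnel_decapsulate(pkt, key)[2] == inner)           # True
```

The client and server addresses, and the application payload, appear only inside the authenticated ESP body; flipping a single inner byte makes the endpoint reject the packet before delivery.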