Larry, Thank you for clarifying the SSL /w certificates. I see it so seldom used that I forgot about it. And yes, private certificates makes it practically impossible to listen in on the beginning of a session. Public SSL such as used for secure web pages is too easy to break. But it does give the public that warm fuzzy feeling. That is how we use SSL here, not really secure since I can use my PC to watch traffic into our NT based WEB server HTTPS: pages for debugging purposes. Christopher K. Bipes mailto:ChrisB@Cross-Check.com Sr. Programmer/Analyst mailto:Chris_Bipes@Yahoo.com CrossCheck, Inc. http://www.cross-check.com 6119 State Farm Drive Phone: 707 586-0551 x 1102 Rohnert Park CA 94928 Fax: 707 586-1884 If consistency is the hobgoblin of little minds, only geniuses work here. Karen Herbelin - Readers Digest 3/2000 -----Original Message----- From: Larry Bolhuis [mailto:firstname.lastname@example.org] Sent: Wednesday, November 15, 2000 7:44 PM To: MIDRANGE-L@midrange.com Subject: Re: SSL vs. VPN > > You don't. VPN open a secure door to your entire network. SSL open a > > secure path to a peculiar service. SSL open the door to the public in > > a way > > that no-one can (hopefully) decipher. VPN is more private and thus > > more > > secure. You only issue certificates to those you know and trust, > > hopefully. Generally true, however you can use certificates for SSL as well but they are not required. Also VPN can be done without certificates. > > Someone listening at the begging of a SSL session can potentially get > > your keys and decrypt your whole session. Not neccesarily true. Depends on the SSL implementation. If you use certificates, as Client Access does with the AS/400, then there is no more exposure than with VPN. If you are establishing an SSL connection with a 'secure' site (such as for Credit card payments) then this is true. (although unlikely). > [Tim McCarthy] Huh? You were right up to the part when you said > that SSL was a secure path to a service. Nope, service is correct. For example, I can set up SSL in Client Access for the entire connection. Then I can go into the 5250 session and select NO for encryption. That service (telnet) is then not secured. In other words you can secure one service and not another between the same two devices. - Larry +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: email@example.com +---
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.