Larry,

Thank you for clarifying the SSL /w certificates.  I see it so seldom used
that I forgot about it.  And yes, private certificates makes it practically
impossible to listen in on the beginning of a session.  Public SSL such as
used for secure web pages is too easy to break.  But it does give the public
that warm fuzzy feeling.  That is how we use SSL here, not really secure
since I can use my PC to watch traffic into our NT based WEB server HTTPS:
pages for debugging purposes.


Christopher K. Bipes    mailto:ChrisB@Cross-Check.com
Sr. Programmer/Analyst  mailto:Chris_Bipes@Yahoo.com
CrossCheck, Inc.        http://www.cross-check.com
6119 State Farm Drive   Phone: 707 586-0551 x 1102
Rohnert Park CA  94928  Fax: 707 586-1884

If consistency is the hobgoblin of little minds, only geniuses work here.
Karen Herbelin - Readers Digest 3/2000

-----Original Message-----
From: Larry Bolhuis [mailto:lbolhuis@arbsol.com]
Sent: Wednesday, November 15, 2000 7:44 PM
To: MIDRANGE-L@midrange.com
Subject: Re: SSL vs. VPN


> > You don't.  VPN open a secure door to your entire network.  SSL open a
> > secure path to a peculiar service.  SSL open the door to the public in
> > a way
> > that no-one can (hopefully) decipher.  VPN is more private and thus
> > more
> > secure. You only issue certificates to those you know and trust,
> > hopefully.

    Generally true, however you can use certificates for SSL as well but
they are not required. Also VPN can be done without certificates.

> > Someone listening at the begging of a SSL session can potentially get
> > your keys and decrypt your whole session.

    Not neccesarily true. Depends on the SSL implementation. If you use
certificates, as Client Access does with the AS/400, then there is no
more exposure than with VPN. If you are establishing an SSL connection
with a 'secure' site (such as for Credit card payments) then this is
true. (although unlikely).

>         [Tim McCarthy]  Huh? You were right up to the part when you said
> that SSL was a secure path to a service.

  Nope, service is correct.  For example, I can set up SSL in Client
Access for the entire connection. Then I can go into the 5250 session
and select NO for encryption. That service (telnet) is then not
secured.  In other words you can secure one service and not another
between the same two devices.

  - Larry
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].