Ian Grigg wrote:
> Dave Howe wrote:
> Thanks. That's the key! Then, the answer
> might really be that a good system would
> do the transport over UDP if it could, or
> it would fall back to a connection in the
> worst case.

Exactly so, yes - however, the mechanics of doing so (and the protocols used) *are* the vpn scheme - it would be possible to imagine a generic routing shim which could be told "for network xx.xx.xx.xx use external daemon yyyy" where yyyy could be ipsec, ssl or ssh tunnels - and the actual routing shim could be very small indeed - as most of the hard work would be taken care of by the external daemon.

However, each vpn standard would have to have its own daemon - and interoperate with other implementations of that type of vpn.

It's a bit like arguing which type of car is "best" - none is, they all have their good and bad features, and you should choose the one best suited for the tasks you are going to use it for.
---------------------------------------------------------------------
The Cryptography Mailing List