Ian Grigg wrote:
> Dave Howe wrote:
> Thanks.  That's the key!  Then, the answer
> might really be that a good system would
> do the transport over UDP it if could, or
> it would fall back to a connection in the
> worst case.
Exactly so, yes - however, the mechanics of doing so (and the protocols
used) *are* the vpn scheme - it would be possible to imagine a generic
routing shim which could be told "for network xx.xx.xx.xx use external
daemon yyyy" where yyyy could be ipsec, ssl or ssh tunnels - and the actual
routing shim could be very small indeed - as most of the hard work would be
taken care of by the external daemon. however, each vpn standard would have
to have its own daemon - and interoperate with other implimentations of that
type of vpn
its a bit like arguing which type of car is "best" - none is, they all have
their good and bad features, and you should choose the one best suited for
the tasks you are going to use it for.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to