IPSec's advantage over SSL: It has more flexibility in choosing the authentication mechanisms (like the PreSharedKey), and therefore makes it difficult for the attacker to do man in the middle. SSL is based only on public key and with tools (like dsniff2.3), it's possible to do man in the middle breaking SSL.

SSL's advantage over IPSec: In SSL, the client and the server exchange a *hash* over the "initial handshake" and therefore it is difficult for an attacker to control (change the proposals that the client has sent so that the server chooses the proposals that the attacker sends or whatever) the main mode "initial" handshake.

More discussion on this would be enlightening and appreciated.
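The handshake-hash check mentioned in the post, as an added example that is not part of the original post: a simplified model in which each side MACs the handshake messages it saw, so a rewritten proposal list is detected when the values are compared. The message strings, the `master_secret` value, and the function names are constructed for illustration, and the MAC construction is an assumption of this sketch, not the actual SSL Finished computation.

```python
import hashlib
import hmac


def finished_mac(master_secret, label, transcript):
    """MAC over every handshake message a party has seen (simplified model)."""
    h = hashlib.sha256()
    for msg in transcript:
        # Length-prefix each message so message boundaries are unambiguous.
        h.update(len(msg).to_bytes(4, "big") + msg)
    return hmac.new(master_secret, label + h.digest(), hashlib.sha256).digest()


def run_handshake(tamper=None):
    """Return (suite chosen by server, whether the server accepts Finished)."""
    # Assumption: both ends already share this secret from the key exchange.
    master_secret = b"constructed-shared-secret"
    client_hello = b"ClientHello suites=STRONG,WEAK"  # constructed proposal list

    # The server sees the hello as delivered, possibly rewritten in transit.
    hello_at_server = tamper(client_hello) if tamper else client_hello

    # The server picks the first suite in the proposal list it received.
    chosen = hello_at_server.split(b"=")[1].split(b",")[0]
    server_hello = b"ServerHello suite=" + chosen

    # Each side hashes the messages as it saw them.
    client_view = [client_hello, server_hello]
    server_view = [hello_at_server, server_hello]

    client_finished = finished_mac(master_secret, b"client finished", client_view)
    expected = finished_mac(master_secret, b"client finished", server_view)
    return chosen, hmac.compare_digest(client_finished, expected)


def strip_strong(hello):
    """Models an in-path rewrite that removes the strong proposal."""
    return hello.replace(b"STRONG,", b"")


if __name__ == "__main__":
    print(run_handshake())              # untouched handshake
    print(run_handshake(strip_strong))  # rewritten proposal list
```

The check only helps if the party rewriting the messages cannot learn the master secret before the Finished values are verified.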