I don't want to get into an SSL vs. IPsec argument, but... David Conrad <david.conrad@nominum.com> writes:
Compare with SSL (works out-of-the-box in 99.999% cases, and allows both, full and hard security with root certificates etc, or simple security based on _ok, I trust you first time, then we can work_.
a) I suspect most SSL implementations derive out of the same code base.
I'd be surprised if this is correct. The three major SSL/TLS implementations by deployment are: 1. OpenSSL (used in Apache2, ApacheSSL, and mod_ssl) 2. Microsoft (used in IE and IIS) 3. Firefox/Mozilla (based on Netscape's NSS). These are all genetically distinct. In addition, there are at least three independent Java implementations (JSSE, PureTLS, SSLava). In addition, Terisa Systems (now Spyrus) independently implemented SSLv3 (though our v2 stack had some of Netscape's SSLref stack) and I believe that Consensus development did so as well. -Ekr