Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Jeff Newton (Jeff_Newton@pmc-sierra.com)
Date: Sat Nov 10 2001 - 19:21:39 CST
With 3 days remaining before writing the exam, I need some
inconsistancies addressed. I'm concerned about where in the OSI model,
certain encryption protocols fall - specifically SSL and IPSec.
Tipton ISHM 4th edition p.162 indicates the SSL is a session (layer 5) protocol. Other online resources claim SSL is an application layer protocol.
Since SSL is typically implemented in browser applications, I would lean towards placing SSL in layer 7. Anyone have the definitive answer?
Tipton ISHM 4th edition p.162 indicates IPSec is a transport (layer 4) protocol. In the same book, chaper 14 "An Introduction to IPSec" discusses IPSec as a network layer implementation. Other online resources I've read indicate IPSec is a layer 3 protocol as well.
The whole idea behind IPSec is that by working at layer 3, you can secure any application regardless of the IP service or transport.
Its difficult to pigeon-hole encryption protocols in different OSI layers, especially when definitive resources conflict. Can oneone help me address these inconsistancies?
-- Jeff Newton