With 3 days remaining before writing the exam, I need some
inconsistancies addressed. I'm concerned about where in the OSI model,
certain encryption protocols fall - specifically SSL and IPSec.

SSL

----
Tipton ISHM 4th edition p.162 indicates the SSL is a session (layer 5)
protocol.  Other online resources claim SSL is an application layer
protocol.
Since  SSL is typically implemented in browser applications, I would
lean towards placing SSL in layer 7.  Anyone have the definitive answer?
IPSec
------
Tipton ISHM 4th edition p.162 indicates IPSec is a transport (layer 4)
protocol.  In the same book, chaper 14 "An Introduction to IPSec"
discusses IPSec as a network layer implementation.  Other online
resources I've read indicate IPSec is a layer 3 protocol as well.
The whole idea behind IPSec is that by working at layer 3, you can
secure any application regardless of the IP service or transport.
Its difficult to pigeon-hole encryption protocols in different OSI
layers, especially when definitive resources conflict.  Can oneone help
me address these inconsistancies?
Cheers,
--
Jeff Newton

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]