Hi,

SSL is a layer 5 protocol in the OSI model and an Application Layer protocol
in the DOD Model.

IpSec is formely a Network Layer Protocol. You have two phase is IpSec, Data
and Header. May be someone place the Header in transport but it is false.

If you want a very, very, very good source for information.... Look RFC
;-)

Dominic Morin

-----Original Message-----
From: Jeff Newton [mailto:Jeff_Newton@pmc-sierra.com]
Sent: Saturday, November 10, 2001 8:22 PM
To: cisspstudy_1@yahoogroups.com; cisspstudy@securityfocus.com
Cc: vancissp@yahoogroups.com
Subject: Encryption Protocols and OSI layers - inconsistancies

With 3 days remaining before writing the exam, I need some
inconsistancies addressed. I'm concerned about where in the OSI model,
certain encryption protocols fall - specifically SSL and IPSec.

SSL

----
Tipton ISHM 4th edition p.162 indicates the SSL is a session (layer 5)
protocol.  Other online resources claim SSL is an application layer
protocol.
Since  SSL is typically implemented in browser applications, I would
lean towards placing SSL in layer 7.  Anyone have the definitive answer?
IPSec
------
Tipton ISHM 4th edition p.162 indicates IPSec is a transport (layer 4)
protocol.  In the same book, chaper 14 "An Introduction to IPSec"
discusses IPSec as a network layer implementation.  Other online
resources I've read indicate IPSec is a layer 3 protocol as well.
The whole idea behind IPSec is that by working at layer 3, you can
secure any application regardless of the IP service or transport.
Its difficult to pigeon-hole encryption protocols in different OSI
layers, especially when definitive resources conflict.  Can oneone help
me address these inconsistancies?
Cheers,
--
Jeff Newton

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]