>From: Nathan M. Andelin [mailto:nandelin@relational-data.com]
>This approach is a lot less complex then VPN, but equally secure.

VPNs can be very simple to install so I question the "lot less complex"
part. But more importantly, unless I'm forgetting something, SSL promises
two things:

1) The server I'm talking to is the server I think it is.
2) The communication between the server and client is encrypted.

Given that IIS in this case would be the client and the AS/400 the server I
don't see how this helps. The AS/400 would need a certificate from a trusted
party (for argument sake, verisign) or it could self sign. In either case
that would enable IIS to know that the AS/400 it's speaking to is indeed the
AS/400 it should be speaking to.

However, in this case doesn't Dave need the AS/400 to know that this IIS box
is indeed the IIS box it thinks it is. In other words you need to use
certificates to validate CLIENT identity, not server identity. Now,
certificates are capable of doing that, but that is not "normal" SSL and now
you are into things that are much more complex than VPNs.

-Walden

------------
Walden H Leverich III
President
Tech Software
(516)627-3800 x11
WaldenL@TechSoftInc.com
http://www.TechSoftInc.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.