Walden,

A VPN class at COMMON left me with more questions than it answered.  It
seemed complex to me.  However, to a person experienced with VPN setup, it's
probably fairly simple.

OS/400 supplies a "certificate manager" to enable SSL.  It can generate a
certificate.  I don't see the need for a 3rd party certificate authority, in
this case.  Just add the IP of the 400 to the list of sites that IIS will
trust.

If there's a need to authenticate the IIS client, I'd just pass an agreed
upon key in each message.  It would be encrypted.  It's normal for web
applications to authenticate their users.

Nathan M. Andelin
www.relational-data.com

----- Original Message -----
From: "Walden H. Leverich" <WaldenL@TechSoftInc.com>
To: <midrange-l@midrange.com>
Sent: Wednesday, February 06, 2002 3:28 PM
Subject: RE: How to securely connect to IIS outside the firewall.


> >From: Nathan M. Andelin [mailto:nandelin@relational-data.com]
> >This approach is a lot less complex than VPN, but equally secure.
>
> VPNs can be very simple to install so I question the "lot less complex"
> part. But more importantly, unless I'm forgetting something, SSL promises
> two things:
>
> 1) The server I'm talking to is the server I think it is.
> 2) The communication between the server and client is encrypted.
>
> Given that IIS in this case would be the client and the AS/400 the server I
> don't see how this helps. The AS/400 would need a certificate from a trusted
> party (for argument sake, verisign) or it could self sign. In either case
> that would enable IIS to know that the AS/400 it's speaking to is indeed the
> AS/400 it should be speaking to.
>
> However, in this case doesn't Dave need the AS/400 to know that this IIS box
> is indeed the IIS box it thinks it is? In other words you need to use
> certificates to validate CLIENT identity, not server identity. Now,
> certificates are capable of doing that, but that is not "normal" SSL and now
> you are into things that are much more complex than VPNs.
>
> -Walden
>
> ------------
> Walden H Leverich III
> President
> Tech Software
> (516)627-3800 x11
> WaldenL@TechSoftInc.com
> http://www.TechSoftInc.com
>
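An added example, not part of either poster's message: one way to authenticate each request with an agreed-upon key inside the SSL session is to send an HMAC tag computed with the key rather than the key itself, together with a timestamp and a nonce so that a captured request cannot be replayed. This is a variation on the per-message key mentioned in the reply above, not what was described there; the key value, field layout, function names and 300-second window are assumptions.

```python
import hashlib
import hmac
import time

# Constructed demo key; in practice it is provisioned out of band to both hosts.
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"


def sign_request(key: bytes, body: bytes, nonce: str, timestamp: int) -> str:
    """Client side: tag the request; the key itself never crosses the wire.

    The nonce is assumed to be a random hex token (no newline characters).
    """
    msg = f"{timestamp}\n{nonce}\n".encode() + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class RequestVerifier:
    """Server side: checks the tag, its freshness and the nonce's uniqueness."""

    def __init__(self, key: bytes, max_skew: int = 300):
        self.key = key
        self.max_skew = max_skew  # assumed tolerable clock difference, seconds
        self.seen = {}            # nonce -> timestamp, within the skew window

    def verify(self, body, nonce, timestamp, tag, now=None) -> str:
        now = int(time.time()) if now is None else now
        expected = sign_request(self.key, body, nonce, timestamp)
        # Constant-time comparison avoids leaking how much of the tag matched.
        if not hmac.compare_digest(expected, tag):
            return "bad-tag"
        if abs(now - timestamp) > self.max_skew:
            return "stale"
        # Drop nonces whose timestamp would fail the freshness check anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= self.max_skew}
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = timestamp
        return "ok"


def demo():
    v = RequestVerifier(SHARED_KEY)
    body = b"ORDER=1001&QTY=5"  # constructed sample request body
    tag = sign_request(SHARED_KEY, body, "a1b2c3", 1_000_000)
    return [
        v.verify(body, "a1b2c3", 1_000_000, tag, now=1_000_010),                   # first use
        v.verify(body, "a1b2c3", 1_000_000, tag, now=1_000_020),                   # same nonce again
        v.verify(b"ORDER=1001&QTY=500", "a1b2c3", 1_000_000, tag, now=1_000_020),  # altered body
        v.verify(body, "a1b2c3", 1_000_000, tag, now=1_000_900),                   # outside window
    ]
```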




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
