Hello everyone,
I want to know the advantages and disadvantages of IPsec that arise because of its location on the network layer in the OSI model.
I read the RFC 2401 and RFC 4301 specifications to find out the advantages and disadvantages of IPsec being located on the network layer in the OSI model (equivalent to the Internet layer in the TCP/IP protocol stack).
I really could not find enough good reasons for the advantages and disadvantages of IPsec being located on the network layer. Here are some of them that I could think of:
Advantages:
- No application-specific implementation is needed (in comparison to SSL/TLS)
- The ability to connect two subnets on the internet (tunneling mode)
- Ability to encrypt the traffic between two end-points (transport mode)
Disadvantages:
- Complex implementation of IPsec itself
- High computation performance when AH and ESP are both activated
- No encryption for the packets on the way to the destination once they have arrived on the subnet on the other side when tunneling mode is activated (the network traffic is no longer encrypted inside the subnet)
What else can you guys add to these advantages and/or disadvantages? The focus is IPsec's location on the network layer (it is a kind of comparison to SSL/TLS, which is an upper-layer protocol).
I would be grateful for any responses.
P.S.: I hope that this thread has landed in the right place.