Problem solve Get help with specific problems with your technologies, process and projects.

Can S/MIME, XML and IPsec operate in one protocol layer?

It is possible to build security systems that reside within a single layer of the OSI model, but why limit yourself?

Is it possible (or even feasible) to have a universal security system at one layer in the protocol stack? Could you, for example, have S/MIME and XML with IPsec operating all in one layer?
It is possible to build security systems that reside within a single layer of the OSI model, but I'm not quite sure why you would want to limit yourself. The OSI model is really a theoretical device used to help explain how the network and Internet functions. When you secure Web communications using SSL, you're technically using a single layer of the OSI model since SSL works at the transport layer. The security paradigm of defense in depth dictates that more should be done to protect the infrastructure. For example, use a firewall operating at the network layer to limit the traffic reaching the Web server. To block known malicious traffic, you probably also want to implement an intrusion prevention system working at all layers from network through application..

Your question points at this paradigm as well. You mentioned the use of three different technologies in your security system: XML with S/MIME and IPsec. Each of these operates at a different layer of the OSI model: S/MIME runs at the application layer, IPsec runs at the network layer and XML is a presentation layer protocol.

This was last published in April 2009

Dig Deeper on VPN security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.