From: Bennett Todd <bet@rahul.net>
To: Tina Bird <tbird@precision-guesswork.com>
Cc: "vpn@lists.shmoo.com" <vpn@lists.shmoo.com>
Subject: Re: [VPN] SSL "VPNs"
----------------------------------------

I know of two categories of SSL-transported remote access solution, and one of 'em is sometimes (annoyingly, to my tastes) called a "VPN".

That would be SOCKS transported over SSL. Aventail does that. Throw a SOCKS shim on the local machine, direct it at the local endpoint of a certificate-authenticated stunnel, and voila, you've got a cheap-n-sleazy VPN. More or less works OK for some apps, if you like SOCKS.

The other SSL-based remote access solution I've seen is actually in my favourite category: thin client. A web browser is trivially an adequate thin client for SSL-based web apps; and there are some approaches (e.g. the Java SSH client, Citrix @Access) that allow downloading a special-purpose client through a web browser for more generic thin client designs.

With a bit of care in how things are deployed, you can produce a remote access solution that can allow the use of most apps users end up wanting, from the proverbial internet kiosk or cybercafe.

Only tangentially related to VPNs, though, except in the minds of marketers.

-Bennett
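
Added example, not part of the original message: a minimal stunnel 5.x configuration pair for the SOCKS-over-SSL arrangement described above, with both ends authenticated by certificate. The hostname, file paths, port numbers and the presence of a SOCKS server on the gateway's loopback interface are assumptions made for illustration.

```ini
; ---------- client machine: stunnel.conf (constructed example) ----------
; The local SOCKS shim is pointed at 127.0.0.1:1080; stunnel wraps that
; traffic in TLS and forwards it to the gateway.
[socks-out]
client = yes
; bind to loopback only, so other hosts on the LAN cannot use the tunnel
accept = 127.0.0.1:1080
; assumed gateway name and port
connect = gateway.example.com:443
; client certificate and key presented to the gateway
cert = /etc/stunnel/client-cert.pem
key = /etc/stunnel/client-key.pem
; verify the gateway's certificate chain against a private CA and
; require the certificate to match the expected host name
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = gateway.example.com

; ---------- gateway: stunnel.conf (constructed example) ----------
; Terminates TLS and hands the cleartext SOCKS stream to a SOCKS server
; assumed to be listening on the gateway's loopback interface.
[socks-in]
accept = 443
connect = 127.0.0.1:1080
cert = /etc/stunnel/gateway-cert.pem
key = /etc/stunnel/gateway-key.pem
; only clients holding a certificate issued by this CA are accepted;
; verifyChain = yes on the server side implies requireCert = yes
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
```

Without `verifyChain` (or the older `verify = 2`) on both sides, stunnel encrypts the connection but authenticates neither endpoint, so the certificate checks are what make this arrangement "certificate-authenticated".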