> > Oh yes. IPsec is really taking off like wildfire, isn't it?
> Humorous, but care to speculate as to why it isn't wide-spread at this
A freely available good-enough implementation is better than an ideal
implementation that requires application changes.
> Is ssh the alternative these days?
ssh is good-enough. It's not a true IP tunnel, like swIPe or AltaVista/PPTP/...
it's more like a distributed proxy arrangement. But for a lot of purposes
that's as good, and for others it's even better for the same reason that a
proxy is easier to implement securely than a packet filter.
swIPe could possibly do the job, if a standard for wrapping RSA or D-H key
exchange over its private-key encryption model could be agreed on.