[12799] in cryptography@c2.net mail archive
Re: How effective is open source crypto? (bad form)
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Mon Mar 24 10:15:06 2003
X-Original-To: cryptography@wasabisystems.com
To: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: Ian Grigg <iang@systemics.com>, cryptography@wasabisystems.com
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: 16 Mar 2003 10:41:42 -0800
In-Reply-To: <4.2.2.20030316104514.00bb5970@mail.earthlink.net>
Anne & Lynn Wheeler <lynn@garlic.com> writes:
> The difference is basic two packet exchange (within setup/teardown
> packet exchange overhead) plus an additional replay prevention two
> packet exchange (if the higher level protocol doesn't have its own
> repeat handling protocol). The decision as to whether it is two packet
> exchange or four packet exchange is not made by client ... nor the
> server ... but by the server application.
You've already missed the point. SSL/TLS is a generic security
protocol. As such, the idea is to push all the security into the
protocol layer where possible. Since, as I noted, the performance
improvement achieved by not doing so is minimal, it's better to just
have replay protection here.
-Ekr
-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com