replay & integrity

Whyte, William WWhyte at ntru.com
Wed Jul 9 13:31:03 EDT 2003


> I wouldn't say that this is a good reason to take
> these features out of SSL.  But assuming they are
> "needed" is a cautious assumption, and assuming
> that SSL meets the needs for replay & integrity
> makes even less sense when we are dealing with a
> serious top-to-bottom security model.

[ ... ]

> SSL just doesn't address the security needs of
> protocols as well as all that.  Where I've seen
> it used, the core need for it is privacy of the
> data stream, not anything else.

Maybe so, but if you don't have integrity checking,
so that an attacker can inject packets into the stream,
this can often compromise privacy too. For example,
consider Serge Vaudenay's CBC padding attack.

Cheers,

William

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list