How effective is open source crypto?

[Eric Rescorla]

Anne & Lynn Wheeler <lynn at garlic.com> writes:
> At 08:40 AM 3/16/2003 -0800, Eric Rescorla wrote:
> 
> Sorry, there were two pieces being discussed.
>
> The part about SSL being a burden/load on servers ....
> 
> and the shorten SSL description taken from another discussion.
This wasn't clear from your message.

> The
> shorten SSL description was (in fact) from a discussion of the
> round-trips and latency ... not particularly burden on the server. In
> the original discussion there was mention about HTTP requires TCP
> setup/teardown which is minimum seven packet exchange .... 
TCP setup is 3 packets. The teardown doesn't have any effect whatsoever
on the performance of the system (and often isn't done anyway).
It's a very modest load on the network and one which is far
outstripped by the traffic sent by SSL and HTTP.

> So what kind of replay attack is there. Looking at purely e-commerce
> ... there is no client authentication. Also, since the client always
> chooses a new, random key .... there is no replay attack on the client
> ... since the client always sends something new (random key) every
> time. That just leaves replay attacks on the server (repeatedly
> sending the same encrypted data).
Correct.

It's considered bad form to design systems which have known replay
attacks when it's just as easy to design systems which don't.
If there were some overriding reason why it was impractical
to mount a defense, then it might be worth living with a replay
attack. However, since it would have only a very minimal effect
on offered load to the network and--in most cases--only a marginal
effect on latency, it's not worth doing.

-Ekr

-- 
[Eric Rescorla                                   ekr at rtfm.com]
                http://www.rtfm.com/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com