How effective is open source crypto? (bad form)

Eric Rescorla ekr at rtfm.com
Sun Mar 16 13:41:42 EST 2003


Anne & Lynn Wheeler <lynn at garlic.com> writes:
> The difference is basic two packet exchange (within setup/teardown
> packet exchange overhead) plus an additional replay prevention two
> packet exchange (if the higher level protocol doesn't have its own
> repeat handling protocol). The decision as to whether it is two packet
> exchange or four packet exchange is not made by client ... nor the
> server ... but by the server application.
You've already missed the point. SSL/TLS is a generic security
protocol. As such, the idea is to push all the security into the
protocol layer where possible. Since, as I noted, the performance
improvement achieved by not doing so is minimal, it's better to just
have replay protection here.

-Ekr

-- 
[Eric Rescorla                                   ekr at rtfm.com]
                http://www.rtfm.com/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com


