Simple SSL/TLS - Some Questions
Eric Rescorla
ekr at rtfm.com
Tue Oct 7 15:27:45 EDT 2003
Anne & Lynn Wheeler <lynn at garlic.com> writes:
> At 12:09 PM 10/7/2003 -0700, Eric Rescorla wrote:
> >This doesn't provide equivalent services to TLS--no anti-replay
> >service for the server.
>
> KISS ... for the primary business requirement .... the application
> already has anti-replay .... TLS anti-replay is then redundant and
> superfluous.
>
> yes, it isn't existing TLS .... it is KISS TLS based on primary
> business requirement ... as mentioned in original, not on existing
> specification for existing implementation
But calling it "KISS TLS" is very inaccurate, since it
doesn't provide equivalent security guarantees. What you're
proposing doesn't really have any connection to TLS.
> Making it significantly more simple and lightweight might encourage it
> to be used more extensively.
Extensive performance analysis shows that the performance cost
in TLS is cryptography, not message passing. Your suggestion
doesn't improve that much at all.
-Ekr
--
[Eric Rescorla ekr at rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List