[smb at cs.columbia.edu: Skype security evaluation]
Marcel Popescu
Marcel_Popescu at microbilt.com
Sat Nov 12 06:56:02 EST 2005
> Do you have some articles about these protocols?
The authoritative reference for TLS is the TLS RFC
(http://www.ietf.org/rfc/rfc2246.txt). The authoritative reference for IPsec
is of course the IPsec RFC (http://www.ietf.org/rfc/rfc2401.txt). As to why
they wouldn't use these as they stand, synchronized protocols often require
finer control over the data block size than these offer, but modification is
easy enough, and would certainly have caused fewer concerns than a roll your
own.
[Marcel] Thanks, and appreciated, but I haven't made myself clear. I meant:
is there a page by one of the known names in the field saying something
like: "if you want to do this, then you should use these protocols"? Like
Peter said: they should have used TLS or YASSL for the handshake and IPSEC +
ESP for the transport. Is there a place where one trying to implement a
secure system could go and find out the basic components he needs? With pros
and cons, preferably?
[Marcel] Maybe this is too much to ask, I don't know. That's pretty much the
point :)
Thanks,
Marcel
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list