refactoring crypto handshakes (SSL in 3 easy steps)

James A. Donald jamesd at
Fri Nov 30 21:28:28 EST 2007

travis+ml-cryptography at wrote:
 > The obvious way - doing a specific step just to verify
 > the handshake - is the kind of code-centric thinking
 > that I'm trying to avoid.  I'm having trouble finding
 > the right words for it.  Basically an encrypted
 > network protocol is a language in which a transmission
 > is syntactically correct if and only if all the
 > security properties hold. In some ways current
 > protocols are like a poorly-written language whose
 > parser needs a separator character between
 > statements instead of being able to detect the syntax
 > error when it starts processing the following
 > statement.  Basically it lacks even a single symbol
 > look-ahead.

SRP, as specified, validates that the shared secret on
both sides is the same, requiring an extra 0.5 RTT.  If
message validation depends on the entire shared secret,
then validating that they are identical is unnecessary.
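
The point about implicit validation, as an added example that is not part of the original post: both sides derive a record MAC key from the entire shared secret, so a mismatched secret makes the first data record fail its MAC with no separate confirmation step. The KDF label, record layout, and function names are assumptions made for illustration, and encryption is left out to keep the focus on validation.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def derive_mac_key(shared_secret: bytes, transcript: bytes) -> bytes:
    """Hypothetical KDF: bind the MAC key to the whole secret and the transcript."""
    return hmac.new(shared_secret, b"record-mac" + transcript, hashlib.sha256).digest()


def seal(mac_key: bytes, seq: int, payload: bytes) -> bytes:
    """Build a record: 8-byte sequence number, payload, then the MAC over both."""
    header = seq.to_bytes(8, "big")
    tag = hmac.new(mac_key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def open_record(mac_key: bytes, expected_seq: int, record: bytes) -> bytes:
    """Verify the MAC first, then the sequence number; return the payload."""
    if len(record) < 8 + TAG_LEN:
        raise ValueError("record too short")
    header, payload, tag = record[:8], record[8:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(mac_key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # Covers both tampering and a shared secret that differs between peers.
        raise ValueError("bad MAC")
    if int.from_bytes(header, "big") != expected_seq:
        raise ValueError("unexpected sequence number")
    return payload


def first_record_accepted(client_secret: bytes, server_secret: bytes) -> bool:
    """Send one record from client to server with no key-confirmation round."""
    transcript = b"constructed-handshake-transcript"  # constructed sample input
    record = seal(derive_mac_key(client_secret, transcript), 0, b"first data")
    try:
        open_record(derive_mac_key(server_secret, transcript), 0, record)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    good = bytes(32)                 # constructed shared secret
    bad = bytes(31) + b"\x01"        # differs from `good` in a single bit
    print(first_record_accepted(good, good))  # matching secrets
    print(first_record_accepted(good, bad))   # mismatched secrets
```

The mismatch is detected when the first authenticated record arrives rather than at the end of the handshake, so a receiver learns nothing about the session's validity until it has verified one record.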
