[Cryptography] A seemingly simple question ...
Thierry Moreau
thierry.moreau at connotech.com
Wed Feb 20 09:55:05 EST 2019
I used to think that a simple question to experts triggers a lengthy and
complex answer.

Now I have a simple question in a field where I might be an expert (we
are always on a learning curve).

An application requires data exchange between two distant server systems
operated by "responsible organizations" according to a lasting agreement.

A secure channel is thus required between these two server applications.
Confidentiality, data integrity, remote party authentication, and replay
attack prevention would be needed. Non-repudiation is a non-goal (since
no legal precedent ever hinted that public key crypto digital signatures
would be a legal standard of courtroom evidence).

Supposedly, the initial cryptographic key material setup need not be
efficient.

What is the typical secure protocol deployed in this context? Obviously,
"TLS" or "IPsec" is a partial answer due to the many protocol versions,
options, configurations, ...

Also, if the answer is a transport layer protocol (e.g. TLS in a given
profile) or a network layer protocol (e.g. IPsec in a given profile), is
there any notable vulnerability originating from the fact that the
security requirement is at the application layer? If so, what are the
countermeasures?

Hope this question is of interest to some of you!

Regards,

- Thierry Moreau