[Cryptography] A seemingly simple question ...
Bill Frantz
frantz at pwpconsult.com
Wed Feb 20 15:46:58 EST 2019
On 2/20/19 at 6:55 AM, thierry.moreau at connotech.com (Thierry Moreau) wrote:
>An application requires data exchange between two distant
>server systems operated by "responsible organizations"
>according to a lasting agreement.
>
>A secure channel is thus required between these two server
>applications. Confidentiality, data integrity, remote party
>authentication, and replay attack prevention would be needed.
>Non-repudiation is a non-goal (since no legal precedent ever
>hinted that public key crypto digital signatures would be a
>legal standard of courtroom evidence).
>
>Supposedly, the initial cryptographic key material setup need not be efficient.
>
>What is the typical secure protocol deployed in this context?
>Obviously, "TLS" or "IPsec" is a partial answer due to the many
>protocol versions, options, configurations,

I'm not really an expert, but TLS has the Pre-Shared Key (PSK)
mode where the initial keys are shared offline. These two
organizations could share keys via messenger, avoiding concerns
about CAs and other third parties.

Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz        | Airline peanut bag: "Produced  | Periwinkle
(408)356-8506      | in a facility that processes   | 16345 Englewood Ave
www.pwpconsult.com | peanuts and other nuts." - Duh | Los Gatos, CA 95032