[14572] in cryptography@c2.net mail archive
Re: Simple SSL/TLS - Some Questions
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Tue Oct 7 16:21:29 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: Jill Ramonsky <Jill.Ramonsky@aculab.com>,
cryptography@metzdowd.com
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: 07 Oct 2003 12:27:45 -0700
In-Reply-To: <4.2.2.20031007130544.00bb0e30@mail.earthlink.net>
Anne & Lynn Wheeler <lynn@garlic.com> writes:
> At 12:09 PM 10/7/2003 -0700, Eric Rescorla wrote:
> >This doesn't provide equivalent services to TLS--no anti-replay
> >service for the server.
>
> KISS ... for the primary business requirement .... the application
> already has anti-replay .... TLS ant-replay is then redundant and
> superfluous.
>
> yes, it isn't existing TLS .... it is KISS TLS based on primary
> business requirement ... as mentioned in original, not on existing
> specification for existing implementation
But calling it "KISS TLS" is very inaccurate, since it
doesn't provide equivalent security guarantees. What you're
proposing doesn't really have any connection to TLS.
> Making it significantly more simple and lightweight might encourage it
> to be used more extensively.
Extensive performance analysis shows that the performance cost
in TLS is cryptography, not message passing. Your suggestion
doesn't improve that much at all.
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
