[14575] in cryptography@c2.net mail archive

Re: Simple SSL/TLS - Some Questions

daemon@ATHENA.MIT.EDU (Ian Grigg)
Tue Oct 7 23:16:22 2003

X-Original-To: cryptography@metzdowd.com
Date: Tue, 07 Oct 2003 20:38:34 -0400
From: Ian Grigg <iang@systemics.com>
Reply-To: iang@systemics.com
To: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: EKR <ekr@rtfm.com>, Jill Ramonsky <Jill.Ramonsky@aculab.com>,
	cryptography@metzdowd.com

Anne & Lynn Wheeler wrote:
> 
> At 12:09 PM 10/7/2003 -0700, Eric Rescorla wrote:
> >This doesn't provide equivalent services to TLS--no anti-replay
> >service for the server.
> 
> KISS ... for the primary business requirement .... the application already
> has anti-replay .... TLS anti-replay is then redundant and superfluous.

Well, that is correct, all financial cryptography
protocols will have end-to-end replay, and in this
sense, the anti-replay of TLS is not needed / gets
in the way if one is doing financial stuff.

( I've recently discovered this weirdness in Java where
it automatically launches the entire POST again if
it sees a problem, thus resulting in two transaction
requests.  Of course, the protocols pick it up and
there is no danger, but I can't figure out how to
easily stop the client side telling the user that
the transaction had already been done.... )

> yes, it isn't existing TLS .... it is KISS TLS based on primary business
> requirement ... as mentioned in original,  not on existing specification
> for existing implementation
> http://www.garlic.com/~lynn/aadsm15.htm#19


You are not being fair, Lynn, you are hijacking
the name of TLS, in order to promote a protocol
to protect credit cards.

What you described was practically nothing to do
with TLS/SSL...

Such a protocol would be quite useful no doubt,
but it has little to do with TLS' design goal of
being a full service channel security product.

iang
