W3C home > Mailing lists > Public > ietf-tls@w3.org > April to June 1996

Re: Merged Transport Layer Protocol Development

From: Ralph Spencer Poore <rspoore@ralph-s-poore.com>
Date: Wed, 24 Apr 1996 10:07:42 -0500
Message-Id: <199604241507.KAA13798@defiant.flash.net>
To: Bennet Yee <bsy@cs.ucsd.edu>
Cc: ietf-tls@w3.org
At 09:32 PM 4/22/96 -0700, you wrote:
>One aspect that I particularly liked about PCTv2 that is absent from
>SSLv3 and the proposed merged protocol is the ability to handle
>pre-encrypted data.  I believe that this is a very good way to
>amortize the bulk cryptography overhead over many sessions for some
>applications -- e.g., where images or text are being sold on a
>subscription/per-item basis and the service provider would like to
>make the data a little more secure so that network sniffers can not
>trivially obtain it.

>The same reasoning applies to pre-MAC'ing the data.
>I believe it is good to expose this encryption cost -vs- communication
>security tradeoff to the Web server administrators, and I believe that
>it is generally useful for other "data broadcast / publishing"
>applications.  One problem with existing SSLv2 and PCTv1 Web servers
>is that the crypto overhead is sometimes unacceptably high, and this
>is one way to ameliorate this.
>Bennet S. Yee		Phone: +1 619 534 4614	    Email: bsy@cs.ucsd.edu

I agree.  Support for pre-encrypted or pre-MAC'ed data also permits the use
of very secure hardware implementations of cryptography for highly sensitive
data without impacting the server software implementation which might be
unable to meet trusted system criteria or other high-security policy of an

|  Ralph Spencer Poore	| Ralph Spencer Poore	| Ralph Spencer Poore          	|
|  Author			| President, (ISC)2		| Director, ISS, C&L LLP          	|
|  rspoore@flash.net		| CompuServe 71242,2723	| rmoorenn@colybrand.com 	|
| 									|
| 	"Any opinions expressed by me are my opinions and do not necessarily 		|
| 	reflect the views of  any organizations with which I am associated."		|
Received on Wednesday, 24 April 1996 11:08:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:01:58 UTC