> >From: timd@consensus.com[SMTP:timd@consensus.com] > >- UDP and other unreliable transports: I don't think support for an >unreliable protocol is appropriate for this effort. The current >protocols >(SSL & PCT) both provide protection against an opponent blocking >traffic; >this can be detected. In SSL 3.0, truncation attacks can be detected. >Using >an unreliable underlying transport makes it impossible to provide >protection against this without essentially creating a stream transport >on >top of it. I think the standard we create should provide a certain set >of >security features which are provided by all implementations of the >standard, and that protection against these "interruption" attacks >should >be a part of it. > >However, we should think about an unreliable transport standard which >would >leverage its cipher negotiation and authentication off of the stream >protocol. This is exactly what I have in mind when I talk about "datagram support"--not a substitute for IPSEC, but merely a defined format for independently decryptable datagrams, so that key management can be unified in situations where both a reliable transport and an unreliable one are being used in parallel. Daniel Simon Cryptographer, Microsoft Corp. dansimon@microsoft.com > > > >Received on Friday, 26 April 1996 14:38:05 EDT
This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:34:48 EDT