
RE: Unreliable transport

From: Dan Simon <dansimon@microsoft.com>
Date: Fri, 26 Apr 1996 11:37:45 -0700
Message-Id: <c=US%a=_%p=msft%l=RED-92-MSG-960426183745Z-33691@abash1.microsoft.com>
To: "'ietf-tls (Transport Layer Security WG)'" <ietf-tls@w3.org>, "'timd@consensus.com'" <timd@consensus.com>
> From: timd@consensus.com [SMTP:timd@consensus.com]
>
> - UDP and other unreliable transports: I don't think support for an
> unreliable protocol is appropriate for this effort. The current protocols
> (SSL & PCT) both provide protection against an opponent blocking traffic;
> this can be detected. In SSL 3.0, truncation attacks can be detected. Using
> an unreliable underlying transport makes it impossible to provide
> protection against this without essentially creating a stream transport on
> top of it. I think the standard we create should provide a certain set of
> security features which are provided by all implementations of the
> standard, and that protection against these "interruption" attacks should
> be a part of it.
>
> However, we should think about an unreliable transport standard which would
> leverage its cipher negotiation and authentication off of the stream
> protocol.

This is exactly what I have in mind when I talk about "datagram
support"--not a substitute for IPSEC, but merely a defined format for
independently decryptable datagrams, so that key management can be
unified in situations where both a reliable transport and an unreliable
one are being used in parallel.

				Daniel Simon
				Cryptographer, Microsoft Corp.
				dansimon@microsoft.com


Received on Friday, 26 April 1996 14:38:05 EDT
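
The idea discussed in this message, independently decryptable datagrams keyed from a secret negotiated over the reliable stream, sketched as an added example; it is not code from the thread and not the SSL or PCT record format. The wire layout (8-byte sequence number, ciphertext, HMAC tag), the function names and the HMAC-based keystream are assumptions chosen so the sketch runs on the Python standard library; the keystream stands in for a real cipher.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def derive_key(master_secret: bytes, label: bytes) -> bytes:
    """Derive a datagram key from the secret the stream handshake negotiated."""
    return hmac.new(master_secret, b"datagram " + label, hashlib.sha256).digest()


def _keystream(key: bytes, seq: int, length: int) -> bytes:
    # Stand-in cipher (assumption): HMAC in counter mode, unique per sequence number.
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, struct.pack(">QI", seq, i), hashlib.sha256).digest()
                    for i in range(blocks))[:length]


def seal(enc_key: bytes, mac_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Build header || ciphertext || tag; nothing depends on other datagrams."""
    header = struct.pack(">Q", seq)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, seq, len(plaintext))))
    return header + ct + hmac.new(mac_key, header + ct, hashlib.sha256).digest()


def open_datagram(enc_key: bytes, mac_key: bytes, datagram: bytes, seen: set):
    """Verify, replay-check and decrypt one datagram; 'seen' holds accepted seq numbers."""
    if len(datagram) < 8 + TAG_LEN:
        raise ValueError("short datagram")
    header, ct, tag = datagram[:8], datagram[8:-TAG_LEN], datagram[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, header + ct, hashlib.sha256).digest()):
        raise ValueError("bad MAC")
    (seq,) = struct.unpack(">Q", header)
    if seq in seen:
        raise ValueError("replayed datagram")
    seen.add(seq)
    return seq, bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, seq, len(ct))))


if __name__ == "__main__":
    master = hashlib.sha256(b"constructed master secret").digest()  # constructed sample
    ek, mk = derive_key(master, b"enc"), derive_key(master, b"mac")
    sent = [seal(ek, mk, n, b"message %d" % n) for n in range(3)]
    seen = set()
    for dg in (sent[2], sent[0]):  # reordered delivery, datagram 1 lost
        print(open_datagram(ek, mk, dg, seen))
```

The receiver accepts datagrams in any order and tolerates loss, but it cannot tell a dropped datagram from one that was never sent, which is the "interruption" protection the quoted message says an unreliable transport gives up.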
