- From: Dan Simon <dansimon@microsoft.com>
- Date: Fri, 26 Apr 1996 11:37:45 -0700
- To: "'ietf-tls (Transport Layer Security WG)'" <ietf-tls@w3.org>, "'timd@consensus.com'" <timd@consensus.com>
> >From: timd@consensus.com[SMTP:timd@consensus.com] > >- UDP and other unreliable transports: I don't think support for an >unreliable protocol is appropriate for this effort. The current >protocols >(SSL & PCT) both provide protection against an opponent blocking >traffic; >this can be detected. In SSL 3.0, truncation attacks can be detected. >Using >an unreliable underlying transport makes it impossible to provide >protection against this without essentially creating a stream transport >on >top of it. I think the standard we create should provide a certain set >of >security features which are provided by all implementations of the >standard, and that protection against these "interruption" attacks >should >be a part of it. > >However, we should think about an unreliable transport standard which >would >leverage its cipher negotiation and authentication off of the stream >protocol. This is exactly what I have in mind when I talk about "datagram support"--not a substitute for IPSEC, but merely a defined format for independently decryptable datagrams, so that key management can be unified in situations where both a reliable transport and an unreliable one are being used in parallel. Daniel Simon Cryptographer, Microsoft Corp. dansimon@microsoft.com > > > >
Received on Friday, 26 April 1996 14:38:05 UTC