- From: Ralph Spencer Poore <rspoore@ralph-s-poore.com>
- Date: Wed, 24 Apr 1996 10:07:42 -0500
- To: Bennet Yee <bsy@cs.ucsd.edu>
- Cc: ietf-tls@w3.org
At 09:32 PM 4/22/96 -0700, you wrote: >One aspect that I particularly liked about PCTv2 that is absent from >SSLv3 and the proposed merged protocol is the ability to handle >pre-encrypted data. I believe that this is a very good way to >amortize the bulk cryptography overhead over many sessions for some >applications -- e.g., where images or text are being sold on a >subscription/per-item basis and the service provider would like to >make the data a little more secure so that network sniffers can not >trivially obtain it. > >The same reasoning applies to pre-MAC'ing the data. > >I believe it is good to expose this encryption cost -vs- communication >security tradeoff to the Web server administrators, and I believe that >it is generally useful for other "data broadcast / publishing" >applications. One problem with existing SSLv2 and PCTv1 Web servers >is that the crypto overhead is sometimes unacceptably high, and this >is one way to ameliorate this. > >-bsy > >-------- >Bennet S. Yee Phone: +1 619 534 4614 Email: bsy@cs.ucsd.edu I agree. Support for pre-encrypted or pre-MAC'ed data also permits the use of very secure hardware implementations of cryptography for highly sensitive data without impacting the server software implementation which might be unable to meet trusted system criteria or other high-security policy of an organization. ================================================= | Ralph Spencer Poore | Ralph Spencer Poore | Ralph Spencer Poore | | Author | President, (ISC)2 | Director, ISS, C&L LLP | | rspoore@flash.net | CompuServe 71242,2723 | rmoorenn@colybrand.com | | | | "Any opinions expressed by me are my opinions and do not necessarily | | reflect the views of any organizations with which I am associated." | =================================================
Received on Wednesday, 24 April 1996 11:08:01 UTC