- From: Tim Dierks <timd@consensus.com>
- Date: Thu, 25 Apr 1996 19:51:47 -0700
- To: ietf-tls (Transport Layer Security WG) <ietf-tls@w3.org>

In the recent discussion of the STLP "strawman", several issues have come up; here are my thoughts on a few. For what it's worth, I'm in the middle of implementing SSL 3.0 right now.

- UDP and other unreliable transports:

I don't think support for an unreliable protocol is appropriate for this effort. The current protocols (SSL & PCT) both provide protection against an opponent blocking traffic; this can be detected. In SSL 3.0, truncation attacks can be detected. Using an unreliable underlying transport makes it impossible to provide protection against this without essentially creating a stream transport on top of it.

I think the standard we create should provide a certain set of security features which are provided by all implementations of the standard, and that protection against these "interruption" attacks should be a part of it. However, we should think about an unreliable transport standard which would leverage its cipher negotiation and authentication off of the stream protocol.

 - Tim Dierks

Tim Dierks -- timd@consensus.com -- www.consensus.com
Head of Thing-u-ma-jig Engineering, Consensus Development

Received on Thursday, 25 April 1996 22:50:12 UTC