[cryptography] Repeated Encryptions Considered.... ?

Ian G iang at iang.org
Tue Jun 21 17:14:50 EDT 2011

On 19/06/11 9:47 PM, Jon Callas wrote:
> On Jun 19, 2011, at 5:54 PM, Nico Williams wrote:
>> On Sun, Jun 19, 2011 at 7:01 PM, Jon Callas<jon at callas.org>  wrote:
>>> That brings us back to the main question: what problem are you trying to solve?
>> The OP meantioned that the context was JavaScript crypto, and whether
>> one could forego the use of TLS if crypto were being applied at a
>> higher layer.
> Uh huh, but what problem are you trying to solve?

Nod.  Multiple 2c follows.

The question of having two different layers doing encryption is 99% a 
software engineering discussion, and it can only be answered by looking 
at the whole thing.  The old advice "don't double encrypt" came from 
some crypto-think about serialising block ciphers and "groups", a very 
narrow context.

(Alternatively, if your a fan of BitCoin's aggresive use of make-work, 
then you'll have no problem with double, triple or N-tuple encryption :)

> Why not send *all* your network traffic over TLS?

The typical reasons for not using TLS would be (a) it's a 
stream-oriented point-to-point protocol, whereas most activity is 
app-level datagram-oriented, (b) it's too closely linked with PKI / x509 
implementations, which is too clumsy in many ways, and (c) it only 
delivers a relatively small subset of a fuller security model.

Which theory of course only makes any sense if one is prepared to 
compete with TLS and do it all properly.

( I don't know for sure, but I gather the Javascript people have gone a 
lot further towards datagram programming than the pre-JS 1990s school. 
The temptation to throw out TLS is stronger as you get closer to the 
datagram, and as you do more of a full security analysis. )


More information about the cryptography mailing list