[cryptography] Repeated Encryptions Considered.... ?

Nico Williams nico at cryptonector.com
Tue Jun 21 17:26:12 EDT 2011

On Tue, Jun 21, 2011 at 4:14 PM, Ian G <iang at iang.org> wrote:
>> Why not send *all* your network traffic over TLS?
> The typical reasons for not using TLS would be (a) it's a stream-oriented
> point-to-point protocol, whereas most activity is app-level
> datagram-oriented, (b) it's too closely linked with PKI / x509
> implementations, which is too clumsy in many ways, and (c) it only delivers
> a relatively small subset of a fuller security model.

See also: DTLS (Datagram-oriented TLS) and the GSS-API, both of which
can handle datagram-oriented apps.

> ( I don't know for sure, but I gather the Javascript people have gone a lot
> further towards datagram programming than the pre-JS 1990s school. The
> temptation to throw out TLS is stronger as you get closer to the datagram,
> and as you do more of a full security analysis. )

Color me skeptical.  With fast session resumption with stateless
servers HTTPS is really quite close to being as good as a datagram
oriented channel.  And if there's still performance issues, let's
address those in TLS.  Alternatively, what are the apps *not*
protecting if they use JS crypto?, and is that safe?, and in what
threat model?


More information about the cryptography mailing list