[cryptography] Repeated Encryptions Considered.... ?

James A. Donald jamesd at echeque.com
Tue Jun 21 18:38:09 EDT 2011


> On 19/06/11 9:47 PM, Jon Callas wrote:
>> Why not send *all* your network traffic over TLS?

On 2011-06-22 7:14 AM, Ian G wrote:
> The typical reasons for not using TLS would be (a) it's a
> stream-oriented point-to-point protocol, whereas most activity is
> app-level datagram-oriented, (b) it's too closely linked with PKI / x509
> implementations, which is too clumsy in many ways, and (c) it only
> delivers a relatively small subset of a fuller security model.
>
> Which theory of course only makes any sense if one is prepared to
> compete with TLS and do it all properly.

The time is long overdue for an encryption protocol that is not layered
on top of TCP, and which has protocol negotiation built in.



