[cryptography] Repeated Encryptions Considered.... ?

Nico Williams nico at cryptonector.com
Tue Jun 21 19:06:23 EDT 2011


On Tue, Jun 21, 2011 at 5:38 PM, James A. Donald <jamesd at echeque.com> wrote:
> The time is long overdue for an encryption protocol that is not layered on
> top of tcp, and which has protocol negotiation built in.

It's called IPsec (KEs + ESP[/AH]).

Unfortunately you kinda need an implementation of RFC5660 in order for
IPsec to be useful for protecting whole packet flows consistently.

IPsec is another example of where a lack of abstract APIs hindered
development of the technology.  Without APIs, applications can't rely
on IPsec, thus IPsec gets relegated to use cases where configuration
suffices, which mostly are VPN use cases.

Nico
--


