Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Jun 22 08:22:09 EDT 2011

Ian G <iang at iang.org> writes:

>The typical reasons for not using TLS would be 
>(c) it only delivers a relatively small subset of a fuller security model.

That's a legitimate reason for using JS crypto.  What TLS gives you is the
archetypal armoured car from the guy who lives on a cardboard box to the guy
who lives in a park bench, while JS crypto of the PDU gives you crypto from
the teller at park-box-guy's bank to the teller at cardboard-bench-guy's bank.
Using both is perfectly sound; TLS provides the blanket protection against
passive eavesdroppers and the JS PDU-encryption protects the message as a
whole from endpoint to endpoint.


