On Thu, Dec 04, 2003 at 10:32:32PM -0500, Bill Tompkins wrote:
> I can't speak to how common it is, but there are applications that
> require crypto, and that require some sort of negotiation protocol, that
> don't use TCP or Ethernet.  For example- wireless apps, or various
> non-ethernet multi-drop wired interfaces.  While these applications do
> require some sort of communications stack, it might be less
> sophisticated than what you're used to seeing with TCP/IP (and might be
> mostly implemented in off-CPU hardware).

[Bill went on to say that you might use SSL for such things, as it's had
 lots of design effort].

If you're using wireless then SSL isn't really an option, unless you
layer something like TCP over the top. A large part of SSL's anti-replay
security relies on it running on a reliable channel, so sequence numbers
monotonically increase at a constant rate. (this is also for attempted
message injection). Also, AIUI, *any* crypto failure causes a shutdown
of the protocol, rather than it just being ignored, as it might be in an
unreliable stream.


Matthew Byng-Maddick         <[EMAIL PROTECTED]>           http://colondot.net/

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to