On 19/06/11 9:47 PM, Jon Callas wrote:
On Jun 19, 2011, at 5:54 PM, Nico Williams wrote:
On Sun, Jun 19, 2011 at 7:01 PM, Jon Callas<[email protected]> wrote:
That brings us back to the main question: what problem are you trying to solve?
The OP meantioned that the context was JavaScript crypto, and whether
one could forego the use of TLS if crypto were being applied at a
higher layer.
Uh huh, but what problem are you trying to solve?
Nod. Multiple 2c follows.
The question of having two different layers doing encryption is 99% a
software engineering discussion, and it can only be answered by looking
at the whole thing. The old advice "don't double encrypt" came from
some crypto-think about serialising block ciphers and "groups", a very
narrow context.
(Alternatively, if your a fan of BitCoin's aggresive use of make-work,
then you'll have no problem with double, triple or N-tuple encryption :)
Why not send *all* your network traffic over TLS?
The typical reasons for not using TLS would be (a) it's a
stream-oriented point-to-point protocol, whereas most activity is
app-level datagram-oriented, (b) it's too closely linked with PKI / x509
implementations, which is too clumsy in many ways, and (c) it only
delivers a relatively small subset of a fuller security model.
Which theory of course only makes any sense if one is prepared to
compete with TLS and do it all properly.
( I don't know for sure, but I gather the Javascript people have gone a
lot further towards datagram programming than the pre-JS 1990s school.
The temptation to throw out TLS is stronger as you get closer to the
datagram, and as you do more of a full security analysis. )
iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
