Ian G <[email protected]> writes: >The typical reasons for not using TLS would be >[...] >(c) it only delivers a relatively small subset of a fuller security model.
That's a legitimate reason for using JS crypto. What TLS gives you is the archetypal armoured car from the guy who lives on a cardboard box to the guy who lives in a park bench, while JS crypto of the PDU gives you crypto from the teller at park-box-guy's bank to the teller at cardboard-bench-guy's bank. Using both is perfectly sound, TLS provides the blanket protection against passive eavesdroppers and the JS PDU-encryption protects the message as a whole from endpoint to endpoint. Peter. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
