Anne & Lynn Wheeler <[EMAIL PROTECTED]> writes:
> The difference is basic two packet exchange (within setup/teardown
> packet exchange overhead) plus an additional replay prevention two
> packet exchange (if the higher level protocol doesn't have its own
> repeat handling protocol). The decision as to whether it is two packet
> exchange or four packet exchange is not made by client ... nor the
> server ... but by the server application.

You've already missed the point. SSL/TLS is a generic security
protocol. As such, the idea is to push all the security into the
protocol layer where possible. Since, as I noted, the performance
improvement achieved by not doing so is minimal, it's better to
just have replay protection here.

-Ekr

--
[Eric Rescorla [EMAIL PROTECTED]
http://www.rtfm.com/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
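
A toy model of the two-packet versus four-packet exchange argued over in this message, added here as an example and not code from either poster or from any SSL/TLS implementation. It shows a captured authenticated request being accepted twice when there is no freshness round trip, and rejected on replay once the server issues a single-use nonce first; the class names, shared key and sample request are constructed assumptions.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # constructed shared key for the toy model


def tag(*parts):
    # HMAC-SHA256 over length-prefixed parts, so concatenation is unambiguous.
    mac = hmac.new(KEY, digestmod=hashlib.sha256)
    for p in parts:
        mac.update(len(p).to_bytes(4, "big") + p)
    return mac.digest()


class TwoPacketServer:
    """Request + response only: the request is authenticated, not fresh."""

    def handle(self, request, mac):
        return hmac.compare_digest(mac, tag(request))


class FourPacketServer:
    """Adds a nonce round trip; the request must be bound to a fresh nonce."""

    def __init__(self):
        self.outstanding = set()  # nonces issued and not yet used

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def handle(self, nonce, request, mac):
        if nonce not in self.outstanding:
            return False  # unknown or already-used nonce: treat as replay
        self.outstanding.discard(nonce)  # each nonce is single use
        return hmac.compare_digest(mac, tag(nonce, request))


def demo():
    # Returns (two_first, two_replay, four_first, four_replay).
    req = b"transfer 100 to account 42"  # constructed sample request
    two, four = TwoPacketServer(), FourPacketServer()
    captured2 = (req, tag(req))        # what an eavesdropper records
    n = four.challenge()
    captured4 = (n, req, tag(n, req))  # same, for the nonce-bound exchange
    return (two.handle(*captured2), two.handle(*captured2),
            four.handle(*captured4), four.handle(*captured4))
```
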