Hi and welcome,

I haven't thought hard about what you're trying to do, but my first intuition tells me that encryption also has some part to play in authentication that you're missing. My knowledge of SSL is limited but I think it is safe to say that private/public key (asymmetric) encryption is used to guarantee certificate authenticity, and to agree on the secret (symmetric) key that will be used for the actual communication.

If you use no secret key, you have no guarantee that the guy you're talking with really is the same guy that you did your handshake with (who showed you his certificate and knows the shared secret). So even if you don't want your data encrypted, there must be some signature for each message sent to guarantee authenticity, based on that shared secret.

So if what I said is correct, even if you don't use encryption you will still need a signature of each message - probably in the form of a cryptographic hash based on the shared secret. I'm really not sure that such an operation is significantly cheaper than symmetric encryption.



Urjit Gokhale wrote:

Hi all,
I am planning to use SSL for the communication between my client and server. The idea is to use SSL *mainly* for peer authentication and validation (Both server and client authentication by means of certificates). Regarding the data encryption, I would like to have it as an optional feature. The motivation behind this desirable feature is that in a particular environment, I am not really worried about the data, but the client talking to my server. I would like to give up on encryption in favor of performance.

So the questions are:

1) Is it possible to use SSL only for the sake of peer authentication + validation and transfer un-encrypted data over this channel?
2) Would sacrificing on encryption *really* improve the performance?

Thanks,
~ Urjit

PS: This is my first mail to this list. So, in case, you think that my questions are out of the scope of this group, or you know of some other group which can yield me better answers, could you please point me to such groups?


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
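
The reply's point that an unencrypted channel still needs a keyed hash on every message, based on the shared secret, is shown below as an added example that is not part of the original thread. The `AuthOnlyChannel` class, its record layout and the sample key are assumptions made for illustration; real SSL/TLS record MACs differ in detail.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


class RecordAuthError(Exception):
    """Raised when a record fails its integrity check."""


class AuthOnlyChannel:
    """One direction of a plaintext channel that MACs every record.

    The key stands in for the secret agreed during the handshake
    (assumption: a real stack derives it from the key exchange).
    """

    def __init__(self, mac_key: bytes):
        self._key = mac_key
        self._seq = 0  # implicit per-direction record counter

    def _tag(self, payload: bytes) -> bytes:
        # Bind sequence number and length so a record cannot be replayed,
        # reordered or truncated without the tag changing.
        header = struct.pack(">QI", self._seq, len(payload))
        return hmac.new(self._key, header + payload, hashlib.sha256).digest()

    def seal(self, payload: bytes) -> bytes:
        record = payload + self._tag(payload)  # payload stays readable
        self._seq += 1
        return record

    def open(self, record: bytes) -> bytes:
        if len(record) < TAG_LEN:
            raise RecordAuthError("record shorter than MAC tag")
        payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        # Constant-time comparison; the counter only advances on success.
        if not hmac.compare_digest(tag, self._tag(payload)):
            raise RecordAuthError(f"bad MAC on record {self._seq}")
        self._seq += 1
        return payload


if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key, not a real secret
    tx, rx = AuthOnlyChannel(key), AuthOnlyChannel(key)
    wire = tx.seal(b"balance=100")
    print(wire[:11], rx.open(wire))  # data is visible on the wire
```

Each record still costs one hash pass over the payload, which is the per-message work the reply refers to.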
