Ian Grigg wrote:
So, some protocols don't need replay prevention
from lower layers because they have sufficient
checks built in. This would apply to any protocols
that have financial significance; in general, no
protocol should be without its own unique Ids.
I'll try to make this
Zooko, I don't think you actually need to worry about the At-Most-Once
semantics you example below. This sort of stuff has been around for
decades and there are a number of open source programs available. Don't
confuse what TLS does - transport messages securely end-to-end - to what
the end
At 02:19 PM 7/9/2003 -0400, Zooko wrote:
I'll try to make this concrete. My thesis is different than Ian's -- rather
than saying that those apps need less than what TLS offers, I say that they
need more! (So that each app need no longer implement the added features
itself.)
we did two kinds of
[ Jill ]
Instead, I have a
different question: Where can I learn about SSL?
[ Ian ]
PS: next step is Ferguson Schneier's recent book
which has been described as how to re-invent SSL.
This reminds me: the best tutorial on the security
aspects of SSL 3.0 that I know of is the Counterpane
On Wednesday, Jul 9, 2003, at 14:19 US/Eastern, Zooko wrote:
Ian Grigg wrote:
So, some protocols don't need replay prevention
from lower layers because they have sufficient
checks built in. This would apply to any protocols
that have financial significance; in general, no
protocol should be
Ian Grigg [EMAIL PROTECTED] writes:
Ian Grigg [EMAIL PROTECTED] writes:
[EMAIL PROTECTED] wrote:
Instead, I have a
different question: Where can I learn about SSL?
Most people seem to think the RFC is unreadable,
so ...
As in, could someone reccommend a good book, or online
Re: Eric Rescorla's SSL and TLS book:
Actually, the price should be $40 US. That's the price at Amazon.
Actually on bookpool.com it's $31. And if you can buy something else
at the same time, they have free shipping on anything over $40.
And let me 3rd or 4th the comment that it's
On Thu, Jul 10, 2003 at 12:04:33PM +0100, [EMAIL PROTECTED] wrote:
Instead, I have a
different question: Where can I learn about SSL?
As in, could someone reccommend a good book, or online tutorial, or
something, somewhere, that explains it all from pretty much first
principles, and leaves
On Thu, Jul 10, 2003 at 12:04:33PM +0100, [EMAIL PROTECTED] wrote:
guess). However, the complexity of the OpenSSL library has me stumped.
(Plus, it's Unix-centric. I'd like to turn it into a Visual Studio port so I
could compile without needing cygwin, gcc, etc., but that's another story).
It