Re: How effective is open source crypto? (aads addenda)

2003-03-24 Thread Anne & Lynn Wheeler
we did something similar for AADS PPP Radius http://www.garlic.com/~lynn/index.html#aads AADS radius example http://www.asuretee.com/ ... with FIPS186-2, x9.62, ecdsa digital signature authentication on sourceforge http://ecdsainterface.sourceforge.net/ radius digital signature protocol has

Re: How effective is open source crypto? (bad form)

2003-03-24 Thread Eric Rescorla
Anne & Lynn Wheeler <[EMAIL PROTECTED]> writes: > The difference is basic two packet exchange (within setup/teardown > packet exchange overhead) plus an additional replay prevention two > packet exchange (if the higher level protocol doesn't have its own > repeat handling protocol). The decision as

Re: How effective is open source crypto? (bad form)

2003-03-24 Thread Anne & Lynn Wheeler
At 09:30 AM 3/16/2003 -0800, Eric Rescorla wrote: Correct. It's considered bad form to design systems which have known replay attacks when it's just as easy to design systems which don't. If there were some overriding reason why it was impractical to mount a defense, then it might be worth living

Re: How effective is open source crypto? (addenda)

2003-03-24 Thread Anne & Lynn Wheeler
... small side-note part of the x9.59 work for all payments in all environments was that the transaction system needed to be resilient to repeats and be done in a single round-trip (as opposed to the transport). there needed to be transaction resiliency with respect to single round tri

Re: How effective is open source crypto?

2003-03-24 Thread Eric Rescorla
Anne & Lynn Wheeler <[EMAIL PROTECTED]> writes: > At 08:40 AM 3/16/2003 -0800, Eric Rescorla wrote: > > Sorry, there were two pieces being discussed. > > The part about SSL being a burden/load on servers > > and the shortened SSL description taken from another discussion. This wasn't clear fro

Re: How effective is open source crypto?

2003-03-24 Thread Anne & Lynn Wheeler
At 08:40 AM 3/16/2003 -0800, Eric Rescorla wrote: You still need a round trip in order to prevent replay attacks. The fastest that things can be while still preserving the security properties of TLS is: ClientHello -> ClientKeyExchange -> Finished -> <- ServerHello

Re: How effective is open source crypto?

2003-03-24 Thread Eric Rescorla
Anne & Lynn Wheeler <[EMAIL PROTECTED]> writes: > There is a description of doing an SSL transaction in single round > trip. The browser contacts the domain name system and gets back in > single transmission the 1) public key, 2) preferred server SSL > parameters, 3) ip-address. The browser selects

Re: How effective is open source crypto?

2003-03-16 Thread Anne & Lynn Wheeler
having worked on some of the early e-commerce/certificate stuff ... recent ref: http://www.garlic.com/~lynn/aadsm13.htm#25 Certificate Policies (addenda) the assertion is that basic ssl domain name certificate is so that the browser can check the domain name from the url typed in against the domai

How effective is open source crypto?

2003-03-15 Thread Ian Grigg
How effective is open source crypto? http://www.securityspace.com/s_survey/sdata/200302/protciph.html One measure is to look at how effective the open source crypto regime is in getting product out there. From the above, it is fairly easy to suggest that strong crypto is totally available to