On Jun 6, 2011, at 4:00 AM, Hannes Gredler wrote:

> On Mon, Jun 06, 2011 at 12:50:04PM +0200, Robert Raszuk wrote:
> | If indeed requirement is to support decent authentication on wide
> | spectrum of operating systems why not consider application level
> | approach of SSL/TLS and leave the need for TCP kernel hacking alone
> | ? rfc5246 ?
> |
> | Routers support it today so would any unix flavor as it will come
> | with the application if not already there.
>
> hi robert,
>
> ---
>
> quoting from rfc 5246:
>
> The primary goal of the TLS protocol is to provide privacy and data
>                                            ^^^^^^^^^^^^^^^^^^^^^^^^
> integrity between two communicating applications. The protocol is
> ^^^^^^^^^
> composed of two layers: the TLS Record Protocol and the TLS Handshake
> Protocol. At the lowest level, layered on top of some reliable
> transport protocol (e.g., TCP [TCP]), is the TLS Record Protocol.
> The TLS Record Protocol provides connection security that has two
> basic properties:
>
> ---
>
> we are just looking for a protocol which ensures data-integrity,
> privacy is not of concern;
>

TLS is exactly like SSH and IPsec in this case. It is easy to configure TLS to be doing integrity-only. The overhead for encrypting, if you are doing so, is extremely low.

--Paul Hoffman

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
