Inventing your own null cipher security opens up the door for replay, withhold and reorder styles of attacks.
On Mon, Aug 20, 2018 at 9:20 PM Peter Gutmann <[email protected]> wrote: > Lyndon Nerenberg <[email protected]> writes: > > >By law, we are forbidden from transmitting encrypted traffic, yet there > are > >use cases where integrity protection in the absence of data content > >protection would be of benefit. > > I've worked a lot with a set of authentication-only channels that can't be > encrypted but need strong integrity/authenticity protection. The way to > deal > with this is signed/MAC'd messages, not NULL-cipher TLS. > > Peter. > > _______________________________________________ > TLS mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
