Re: TO COMPRESS OR NOT TO CMPRS (please reply)

[Stephen Kent <kent@bbn.com>]

Phil,

	Just a minor correction: let's not refer to SSL or SSH as
"transport layer" security protocols.  These protocols operate above the
transport layer.  I'd call SSL a session layer security protocol, if I had
to attach a label.  TLSP is an example of a transport layer security
protocol, i.e., it is integrated into the transport layer, not layered on
top.  Also, one additional downside of session layer security protocols is
the possible dependence on the ordering provided by the transport layer
protocol.  In the case of SSL, this means that an attack on TCP can quickly
kill the SSL session, requiring a new SSL session to be created, while TCP
thinks that everything is just fine...

Steve

---

Follow-Ups:

• Re: TO COMPRESS OR NOT TO CMPRS (please reply)
• From: "Perry E. Metzger" <perry@piermont.com>

References:

• Re: TO COMPRESS OR NOT TO CMPRS (please reply)
• From: "Perry E. Metzger" <perry@piermont.com>
• Re: TO COMPRESS OR NOT TO CMPRS (please reply)
• From: Phil Karn <karn@qualcomm.com>

---

• Prev by Date: Re: transport vs network and ipsec syn
• Next by Date: Re: TO COMPRESS OR NOT TO CMPRS (please reply)
• Prev by thread: Re: TO COMPRESS OR NOT TO CMPRS (please reply)
• Next by thread: Re: TO COMPRESS OR NOT TO CMPRS (please reply)
• Index(es):
  • Main
  • Thread