From: Peter Brooks
Newsgroups: comp.lang.ada
Subject: Re: Ada for the TLS/SSL problem?
Date: Wed, 16 Mar 2016 11:31:24 -0700 (PDT)
Message-ID: <8173fd3d-de91-4223-a069-8507f840d262@googlegroups.com>
References: <5011d79c-aaad-464e-a68e-c31a2738a820@googlegroups.com> <87a8lzcv5a.fsf@jester.gateway.pace.com> <87wpp3ar1l.fsf@jester.gateway.pace.com>

On Wednesday, 16 March 2016 19:05:09 UTC+2, Dmitry A. Kazakov wrote:
> On 2016-03-16 13:09, Peter Brooks wrote:
>
> > My feeling is that we'd need a general, configurable, security
> > layer. This can be proved to work by implementing TLS.
>
> Well from my POV the idea of a layer as known in SSL/TLS is a
> non-starter. It is broken per design because it cannot provide
> reasonable QoS, short latency required for automation and control
> applications.
>
> The basic requirement is that encryption and signing may not coalesce
> transport packets. Ideally it should work on the packet level with
> packets of any length. I understand that this would impose difficult
> problems but otherwise it would be unusable outside lousy web applications.
>
SSL, and TLS are defined at level 6 of the OSI model. See:

https://en.wikipedia.org/w/index.php?title=OSI_model&action=submit

>
> It is OK to implement TLS as-is, nobody would object that. But something
> better must be really better.
>
Undoubtably!