From: "Dmitry A. Kazakov"
Newsgroups: comp.lang.ada
Subject: Re: Ada for the TLS/SSL problem?
Date: Wed, 16 Mar 2016 18:04:59 +0100

On 2016-03-16 13:09, Peter Brooks wrote:

> My feeling is that we'd need a general, configurable, security
> layer. This can be proved to work by implementing TLS.

Well, from my POV the idea of a layer as known in SSL/TLS is a non-starter. It is broken per design because it cannot provide reasonable QoS, short latency required for automation and control applications.

The basic requirement is that encryption and signing may not coalesce transport packets. Ideally it should work on the packet level with packets of any length.

I understand that this would impose difficult problems but otherwise it would be unusable outside lousy web applications.

It is OK to implement TLS as-is, nobody would object to that. But something better must be really better.

--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de