comp.lang.ada
From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Ada for the TLS/SSL problem?
Date: Wed, 16 Mar 2016 21:28:24 +0100
Message-ID: <nccfle$7mg$1@gioia.aioe.org>
In-Reply-To: 8173fd3d-de91-4223-a069-8507f840d262@googlegroups.com

On 2016-03-16 19:31, Peter Brooks wrote:
> On Wednesday, 16 March 2016 19:05:09 UTC+2, Dmitry A. Kazakov  wrote:
>> On 2016-03-16 13:09, Peter Brooks wrote:
>>
>>> My feeling is that we'd need a general, configurable, security
>>> layer.  This can be proved to work by implementing TLS.
>>
>> Well from my POV the idea of a layer as known in SSL/TLS is a
>> non-starter. It is broken per design because it cannot provide
>> reasonable QoS, short latency required for automation and control
>> applications.
>>
>> The basic requirement is that encryption and signing may not coalesce
>> transport packets. Ideally it should work on the packet level with
>> packets of any length. I understand that this would impose difficult
>> problems but otherwise it would be unusable outside lousy web applications.
>>
> SSL and TLS are defined at level 6 of the OSI model. See: https://en.wikipedia.org/w/index.php?title=OSI_model&action=submit

Yes, and that is the problem. It is way too high, a typical abstraction
inversion with a heavy burden on both communication and
application/user. The latter simply cannot be responsible for
authentication and signing.

If you want a security layer, level 6 is inappropriate for most use
cases.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
