From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Ada for the TLS/SSL problem?
Date: Wed, 16 Mar 2016 21:28:24 +0100
Date: 2016-03-16T21:28:24+01:00 [thread overview]
Message-ID: <nccfle$7mg$1@gioia.aioe.org> (raw)
In-Reply-To: 8173fd3d-de91-4223-a069-8507f840d262@googlegroups.com
On 2016-03-16 19:31, Peter Brooks wrote:
> On Wednesday, 16 March 2016 19:05:09 UTC+2, Dmitry A. Kazakov wrote:
>> On 2016-03-16 13:09, Peter Brooks wrote:
>>
>>> My feeling is that we'd need a general, configurable, security
>>> layer. This can be proved to work by implementing TLS.
>>
>> Well from my POV the idea of a layer as known in SSL/TLS is a
>> non-starter. It is broken per design because it cannot provide
>> reasonable QoS, short latency required for automation and control
>> applications.
>>
>> The basic requirement is that encryption and signing may not coalesce
>> transport packets. Ideally it should work on the packet level with
>> packets of any length. I understand that this would impose difficult
>> problems but otherwise it would be unusable outside lousy web applications.
>>
> SSL, and TLS are defined at level 6 of the OSI model. See: https://en.wikipedia.org/w/index.php?title=OSI_model&action=submit
Yes, and that is the problem. It is way too high, a typical abstraction
inversion with a heavy burden on both communication and
application/user. The latter simple cannot be responsible for
authentication and signing.
If you want a security layer the level 6 is inappropriate for most use
cases.
--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
next prev parent reply other threads:[~2016-03-16 20:28 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-15 18:46 Ada for the TLS/SSL problem? Peter Brooks
2016-03-15 19:00 ` Shark8
2016-03-15 19:10 ` Peter Brooks
2016-03-15 19:04 ` Shark8
2016-03-15 20:47 ` Florian Weimer
2016-03-16 8:14 ` Dmitry A. Kazakov
2016-03-16 17:42 ` Florian Weimer
2016-03-16 18:25 ` Dmitry A. Kazakov
2016-03-16 22:18 ` Florian Weimer
2016-03-17 8:14 ` Dmitry A. Kazakov
2016-03-15 21:02 ` Paul Rubin
2016-03-16 4:08 ` Peter Brooks
2016-03-16 6:13 ` Paul Rubin
2016-03-16 12:09 ` Peter Brooks
2016-03-16 17:04 ` Dmitry A. Kazakov
2016-03-16 18:31 ` Peter Brooks
2016-03-16 20:28 ` Dmitry A. Kazakov [this message]
2016-03-16 19:57 ` Olivier Henley
2016-03-16 8:42 ` Jacob Sparre Andersen
2016-03-16 8:46 ` Dmitry A. Kazakov
2016-03-16 10:52 ` G.B.
2016-03-16 15:27 ` G.B.
2016-03-16 12:14 ` Peter Brooks
2016-03-16 12:17 ` Bob Butler
2016-04-26 10:42 ` Peter Brooks
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox