From: "Dmitry A. Kazakov"
Newsgroups: comp.lang.ada
Subject: Re: Ada for the TLS/SSL problem?
Date: Wed, 16 Mar 2016 21:28:24 +0100

On 2016-03-16 19:31, Peter Brooks wrote:
> On Wednesday, 16 March 2016 19:05:09 UTC+2, Dmitry A. Kazakov wrote:
>> On 2016-03-16 13:09, Peter Brooks wrote:
>>
>>> My feeling is that we'd need a general, configurable, security
>>> layer. This can be proved to work by implementing TLS.
>>
>> Well from my POV the idea of a layer as known in SSL/TLS is a
>> non-starter. It is broken per design because it cannot provide
>> reasonable QoS, short latency required for automation and control
>> applications.
>>
>> The basic requirement is that encryption and signing may not coalesce
>> transport packets. Ideally it should work on the packet level with
>> packets of any length. I understand that this would impose difficult
>> problems but otherwise it would be unusable outside lousy web applications.
>>
> SSL, and TLS are defined at level 6 of the OSI model. See: https://en.wikipedia.org/w/index.php?title=OSI_model&action=submit

Yes, and that is the problem. It is way too high, a typical abstraction inversion with a heavy burden on both communication and application/user. The latter simply cannot be responsible for authentication and signing.

If you want a security layer the level 6 is inappropriate for most use cases.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de