(→Crypto Protocol: add response) |
(→Crypto Protocol: add note about hmac) |
||
Line 38: | Line 38: | ||
::If TLS really is too much overhead, I'd suggest using ESP (from IPSec) with static keying (so you don't need the additional complexity of IKE). You can encapsulate that in a UDP packet, instead of IP proto 50. | ::If TLS really is too much overhead, I'd suggest using ESP (from IPSec) with static keying (so you don't need the additional complexity of IKE). You can encapsulate that in a UDP packet, instead of IP proto 50. | ||
::I think, if you're going to give users a "secure" checkbox, it really ought to be secure. The best way to accomplish that is to use a well-understood, well-studied security protocol instead of inventing yet another. The "invent yet another" security protocols all too often turn out to be completely insecure. | ::I think, if you're going to give users a "secure" checkbox, it really ought to be secure. The best way to accomplish that is to use a well-understood, well-studied security protocol instead of inventing yet another. The "invent yet another" security protocols all too often turn out to be completely insecure. | ||
::BTW: If you're just trying to prevent password sniffing, there are already several well-studied HMAC-based protocols which do that, and do it with minimal overhead. Low enough that you could probably just use it by default. | |||
::—[[User:Derobert|Derobert]] 14:56, 30 January 2006 (CET) | ::—[[User:Derobert|Derobert]] 14:56, 30 January 2006 (CET) |