Lists Home |
Date Index |
> Architectural constraints such as statelessness, are constraints on
> form, not function; what you're talking about *is* possible.
Wow, news to me. Thanks.
> issue will be whether the larger message size in the stateless
> solution will be acceptable or not. How much state are you're talking
Let's assume RSA with a key size of 2K bits, maybe sometimes 4K. A
signature is the same as the key size, so you're talking 256 or 512 bytes,
plus the data being signed, of coruse.
At least one certificate will have to flow in each direction. A
certificate is signed and has a couple-K of data, so call it 2-4Kbytes
The data being signed is context dependant. For SSL it's a running
hash of *all* messages the two parties have exchanged. That's a
small amount of state (20 bytes for SHA1), but assumes a reliable
byte-stream protocol. :)
Does that help?
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html