OASIS Mailing List Archives

   Re: [xml-dev] md5sum / sha1sum for XML?


> btw, if you are worried about integrity, then you need to transmit the
> md5sum/sha1sum outside of the payload. We are using our own protocol so
> it is easy for doing it...

Or you sign the data.  Now the only thing the recipient has to do is have 
out-of-band knowledge about either the certificate doing the signing, or 
the CA that generates the signing certificate(s).  Both of these are 
examples of indirection.  With out-of-band XXXsum, you have to "securely" 
convey that for every payload; with a certificate, you only have to do 
that when the certificate changes, the one you're seeing expires, or when 
you think it might be compromised; with a CA certificate, you can have 
multiple signers and/or renewal of existing signers.

Each level of indirection reduces the amount of work you have to do 
per-message, but increases the risk of exposure if something goes wrong 
(such as an adversary getting access to a private key).  Sometimes the 
choice is easy -- an authoritative website can easily publish a list of 
digests for various releases -- and sometimes the tradeoffs are harder to 
determine.

        /r$

--
SOA Appliances
Application Integration Middleware
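
The three levels of indirection described in the message above, as an added example that is not part of the original post. The `Cert` type, the function names and the choice of SHA-256 and Ed25519 from the Go standard library are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Level 0: the digest itself travels out of band, once per payload.
func verifyDigest(payload []byte, pinned [sha256.Size]byte) bool {
	return sha256.Sum256(payload) == pinned
}

// Level 1: only the signer's public key is pinned out of band.
func verifySigned(payload, sig []byte, pinnedSigner ed25519.PublicKey) bool {
	return ed25519.Verify(pinnedSigner, payload, sig)
}

// Cert is a hypothetical minimal certificate: a signer key endorsed by a CA.
type Cert struct {
	SignerKey ed25519.PublicKey
	CASig     []byte // CA signature over SignerKey
}

// Level 2: only the CA key is pinned; the signer key arrives with the message.
func verifyViaCA(payload, sig []byte, c Cert, pinnedCA ed25519.PublicKey) bool {
	// Length check first: ed25519.Verify panics on a malformed public key.
	return len(c.SignerKey) == ed25519.PublicKeySize &&
		ed25519.Verify(pinnedCA, c.SignerKey, c.CASig) &&
		ed25519.Verify(c.SignerKey, payload, sig)
}

func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	sPub, sPriv, _ := ed25519.GenerateKey(nil)
	cert := Cert{sPub, ed25519.Sign(caPriv, sPub)}

	doc := []byte(`<order id="1"/>`) // constructed sample payload
	pinned := sha256.Sum256(doc)
	sig := ed25519.Sign(sPriv, doc)
	fmt.Println("genuine:", verifyDigest(doc, pinned),
		verifySigned(doc, sig, sPub), verifyViaCA(doc, sig, cert, caPub))

	// A payload signed with a stolen signer key passes both signature levels;
	// the per-payload digest still rejects it.
	forged := []byte(`<order id="2"/>`)
	fsig := ed25519.Sign(sPriv, forged)
	fmt.Println("stolen key:", verifyDigest(forged, pinned),
		verifySigned(forged, fsig, sPub), verifyViaCA(forged, fsig, cert, caPub))
}
```

The second line of output shows the tradeoff: the pinned digest covers exactly one payload, while a pinned signer or CA key accepts anything the corresponding private key has signed.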





 


Copyright 2001 XML.org. This site is hosted by OASIS