TLS Brainstorm TLS, DTLS and QUIC
-
Hallo community,
why is DTLS so little used? Or is it because UDP is generally disliked?
And my second question is:
Why is Google creating QUIC which is using UDP despite the fact that there is DTLS?And my Third Brainstorm question:
wouldn't it be the same result if you just encrypt the content via private/public Key system and send it over unencrypted socket instead of using SSL?
-
Hallo community,
why is DTLS so little used? Or is it because UDP is generally disliked?
And my second question is:
Why is Google creating QUIC which is using UDP despite the fact that there is DTLS?And my Third Brainstorm question:
wouldn't it be the same result if you just encrypt the content via private/public Key system and send it over unencrypted socket instead of using SSL?
@QtCoder87 said in TLS Brainstorm TLS, DTLS and QUIC:
wouldn't it be the same result if you just encrypt the content via private/public Key system and send it over unencrypted socket instead of using SSL
Please be aware that asymmetric encryption (private/public keys) is more resource intensive that symmetric encryption (one shared key).
And "SSL" (TLS these days) it's an hybrid process. It starts using private/public keys, but then a shared key is negotiated to carry on all encryption as symmetric encryption.
This is an interesting video describing the handshake of a TLS connection.
-
@QtCoder87 said in TLS Brainstorm TLS, DTLS and QUIC:
wouldn't it be the same result if you just encrypt the content via private/public Key system and send it over unencrypted socket instead of using SSL
Please be aware that asymmetric encryption (private/public keys) is more resource intensive that symmetric encryption (one shared key).
And "SSL" (TLS these days) it's an hybrid process. It starts using private/public keys, but then a shared key is negotiated to carry on all encryption as symmetric encryption.
This is an interesting video describing the handshake of a TLS connection.
@Pablo-J-Rogina
Thank you for the reply regarding pub/priv Key.
Probably OpenVPN and Softether are handling it this way with Certification Authentification.The Video is stating that the Certificate is also authentificating the Host/IP.
But How do you use Certificates with Participants with dynamic IP ? In Germany the ISPs are changing the IPv6 for private consumers too after a period of time. I think this is an "inofficial" agreement with data protectors. since a static ip could make tracing too easy.
How to authentificate two peers which may not have a static host/IP?
-
@Pablo-J-Rogina
Thank you for the reply regarding pub/priv Key.
Probably OpenVPN and Softether are handling it this way with Certification Authentification.The Video is stating that the Certificate is also authentificating the Host/IP.
But How do you use Certificates with Participants with dynamic IP ? In Germany the ISPs are changing the IPv6 for private consumers too after a period of time. I think this is an "inofficial" agreement with data protectors. since a static ip could make tracing too easy.
How to authentificate two peers which may not have a static host/IP?
@QtCoder87 said in TLS Brainstorm TLS, DTLS and QUIC:
But How do you use Certificates with Participants with dynamic IP ?
And don't you think that the issue is already addressed?
Think about Google or Facebook having fixed IPs? What about load balancing...
The certificate can be issued for both IP address(es) or domain name(s) see for instance the details of the certificate for this forum.
-
@QtCoder87 said in TLS Brainstorm TLS, DTLS and QUIC:
But How do you use Certificates with Participants with dynamic IP ?
And don't you think that the issue is already addressed?
Think about Google or Facebook having fixed IPs? What about load balancing...
The certificate can be issued for both IP address(es) or domain name(s) see for instance the details of the certificate for this forum.
