[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS ssfs confusion



On Wed, 25 Aug 2004, Dick Davies wrote:

> And what's the difference between 'transport security strength factor'
> for updates, and 'tls security strength factor' for updates'?

Transport layer encryption versus cryptographic authentication.

128-bit SSL encrypts the whole deal. But within that encrypted envelope, 
a simple bind or PLAIN bind sends the password in plaintext, which gets 
ssf=0.

You get ssf > 0 for things like kerberos, cram-md5, and client SSL certs 
that protect credentials separately from the transport layer.

See the cyrus-sasl documentation for more.
-- 
Rich Graves <rcgraves@brandeis.edu>
UNet Systems Administrator