[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: TLS ssfs confusion
On Wed, 25 Aug 2004, Dick Davies wrote:
> And what's the difference between 'transport security strength factor'
> for updates, and 'tls security strength factor' for updates'?
Transport layer encryption versus cryptographic authentication.
128-bit SSL encrypts the whole deal. But within that encrypted envelope,
a simple bind or PLAIN bind sends the password in plaintext, which gets
ssf=0.
You get ssf > 0 for things like kerberos, cram-md5, and client SSL certs
that protect credentials separately from the transport layer.
See the cyrus-sasl documentation for more.
--
Rich Graves <rcgraves@brandeis.edu>
UNet Systems Administrator