True, but if you just want a packet or record format you might look at sections 6.2 and 6.3 of RFC 2246.
======================
Greg Stark
[EMAIL PROTECTED]
======================

----- Original Message -----
From: "Lutz Jaenicke" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, January 26, 2002 9:47 AM
Subject: Re: Question on combining encryption with authentication

> On Fri, Jan 25, 2002 at 10:31:34AM -0700, James Yonan wrote:
> > > "James Yonan" <[EMAIL PROTECTED]> writes:
> > > > What is the best way to authenticate an encrypted packet in a peer-to-peer
> > > > application that uses a symmetric cipher and a shared private key?
> > > There's been a lot of argument about this.
> > >
> > > There are some theoretical attacks that suggest that you should
> > > hash the ciphertext, not the plaintext but as long as you use
> > > CBC mode block ciphers you should be fine.
> > >
> > > I'd advise you to just use the packet format from SSL.
> >
> > Can I use SSL packet format over a non-stream, UDP-based connection?
>
> No. SSL requires a reliable transport below it (all packets must come
> from the transport as sent: no losses, no duplicates, no out-of-order).
>
> Best regards,
> Lutz
> --
> Lutz Jaenicke [EMAIL PROTECTED]
> http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> BTU Cottbus, Allgemeine Elektrotechnik
> Universitaetsplatz 3-4, D-03044 Cottbus
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
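
Added example, not part of the original thread: the record MAC from RFC 2246 section 6.2.3.1 covers a sequence number that is counted implicitly on both sides and never transmitted, which is why the record format depends on a reliable transport. The sketch below computes that MAC (encryption is omitted to keep it short) and shows verification failing once a record is lost, duplicated or reordered. The Sender, Receiver and deliver names and the key are constructed for illustration.

```python
import hashlib
import hmac
import struct

TLS10 = (3, 1)          # ProtocolVersion of TLS 1.0
APPLICATION_DATA = 23   # ContentType application_data
SECRET = b"constructed-demo-mac-secret"  # constructed sample key, not a real secret

def record_mac(mac_secret, seq_num, content_type, fragment):
    """HMAC over seq_num + type + version + length + fragment (RFC 2246, 6.2.3.1)."""
    header = struct.pack("!QBBBH", seq_num, content_type, *TLS10, len(fragment))
    return hmac.new(mac_secret, header + fragment, hashlib.sha1).digest()

class Sender:
    def __init__(self, mac_secret):
        self.secret, self.seq = mac_secret, 0

    def protect(self, fragment):
        mac = record_mac(self.secret, self.seq, APPLICATION_DATA, fragment)
        self.seq += 1  # implicit counter: it is MACed but never put on the wire
        return fragment + mac

class Receiver:
    def __init__(self, mac_secret):
        self.secret, self.seq = mac_secret, 0

    def accept(self, record):
        fragment, mac = record[:-20], record[-20:]  # HMAC-SHA1 tag is 20 bytes
        expected = record_mac(self.secret, self.seq, APPLICATION_DATA, fragment)
        if not hmac.compare_digest(mac, expected):
            return None  # a TLS peer would abort here with bad_record_mac
        self.seq += 1
        return fragment

def deliver(records, order):
    """Hand records to a fresh receiver in the given order; None marks a rejection."""
    rx = Receiver(SECRET)
    return [rx.accept(records[i]) for i in order]

tx = Sender(SECRET)
RECORDS = [tx.protect(m) for m in (b"one", b"two", b"three")]

if __name__ == "__main__":
    print("in order :", deliver(RECORDS, [0, 1, 2]))
    print("one lost :", deliver(RECORDS, [0, 2]))
    print("duplicate:", deliver(RECORDS, [0, 0]))
    print("reordered:", deliver(RECORDS, [1, 0, 2]))
```

A datagram protocol built on this format has to carry the sequence number explicitly in each packet and have the receiver track which numbers it has already accepted.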