"Victor B. Wagner" <[EMAIL PROTECTED]> writes:

> One example which can be tested with stock OpenSSL without national
> cryptography modules is - usage of NULL ciphers. They are not enabled by
> default, but use of them provides cryptographically strong
> authentication with client certificates and data consistency checking
> with MAC algorithm, but avoids overhead of encryption.
>
> Consider situation when data are public anyway, but data modification
> should be properly authorized.

I'm not sure that's a particularly good use case. There are attacks in the wild that hijack existing TCP connections. If you only authenticate connections and then even with the MAC checks I think you would have a chance of being able to take over the connection.

That said it doesn't mean there aren't valid use cases. If for example you wanted to do some initial data load without encryption but didn't want to have to reconfigure your network to allow connections on different ports.

--
  Gregory Stark
  EnterpriseDB          http://www.enterprisedb.com
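
As an added illustration (not code from either poster or from OpenSSL), here is a simplified Python model of the per-record MAC that a TLS NULL-encryption cipher suite applies, using the MAC input layout from RFC 5246 section 6.2.3.1. It shows which records a receiver accepts when the payload travels unencrypted; the key, payloads and the `RecordLayer` and `rejected` names are constructed for the example.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32  # HMAC-SHA256 tag length

def record_mac(key, seq, ctype, version, data):
    # RFC 5246 6.2.3.1: MAC covers seq_num || type || version || length || fragment
    header = struct.pack("!QBHH", seq, ctype, version, len(data))
    return hmac.new(key, header + data, hashlib.sha256).digest()

class RecordLayer:  # hypothetical model of one direction of a NULL-cipher connection
    def __init__(self, mac_key, ctype=23, version=0x0303):
        self.key, self.ctype, self.version, self.seq = mac_key, ctype, version, 0
    def protect(self, data):
        rec = data + record_mac(self.key, self.seq, self.ctype, self.version, data)
        self.seq += 1
        return rec  # payload is sent in the clear, followed by the tag

    def verify(self, record):
        data, tag = record[:-MAC_LEN], record[-MAC_LEN:]
        want = record_mac(self.key, self.seq, self.ctype, self.version, data)
        if not hmac.compare_digest(tag, want):
            raise ValueError("bad_record_mac")  # real TLS aborts the connection here
        self.seq += 1
        return data

def rejected(layer, record):
    try:
        layer.verify(record)
    except ValueError:
        return True
    return False

def demo():
    key = b"constructed-mac-key-for-example!"  # constructed; real keys come from the handshake
    sender, receiver = RecordLayer(key), RecordLayer(key)
    rec = sender.protect(b"COPY public_table FROM STDIN")  # constructed payload
    out = {"readable_on_wire": b"public_table" in rec}
    # Each check below isolates one cause: the receiver's sequence number
    # only advances when a record verifies.
    out["tampered_rejected"] = rejected(receiver, rec.replace(b"public", b"secret"))
    out["injected_rejected"] = rejected(receiver, RecordLayer(b"some-other-key").protect(b"x"))
    out["genuine"] = receiver.verify(rec)
    out["replayed_rejected"] = rejected(receiver, rec)
    return out

if __name__ == "__main__":
    print(demo())
```

The model covers only the record MAC; the handshake that authenticates the peers and derives the MAC key is out of scope.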