What is the vulnerability of this approach?
I have often heard on the Internet: "Don't write your own secure layer." That means: don't write your own encryption over UDP, take something ready-made instead, for example DTLS.
So what prevents you from establishing a TLS connection, exchanging symmetric encryption keys inside it (already over a secure, encrypted connection), and then communicating over UDP, encrypting the packets with the keys obtained earlier through the TLS connection? Are there any obvious or not-so-obvious vulnerabilities here?
Congratulations, you have invented "your own PFS" :)
In principle, you can do anything inside a properly encrypted channel, even exchange keys and establish a new connection based on those keys, but why? All kinds of IPsec tunnels and site-to-site tunnels exist precisely so that unencrypted traffic can be carried inside them, if, for example, the protocol does not know how to encrypt.
"It means not to do your own encryption over UDP": here the main point is most likely not to do your own *encryption*. UDP is just transport; it does not care what payload it carries. RH is going to implement support for encapsulating the SCTP protocol in UDP. You can safely encapsulate TLS in UDP if you like.
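The scheme the question describes (a secret agreed inside TLS, then each UDP packet encrypted with keys derived from it), as an added example that is not part of the original question or answer. It skips the TLS step entirely and takes the agreed secret as an input (a constructed byte string in `main`); the HKDF labels, type names and the 64-entry replay window are my own choices, not anything from the page. It shows the parts that are easy to get wrong when doing this yourself and that a ready-made protocol like DTLS handles for you: separate keys per direction, a sequence number used as the AEAD nonce so it never repeats under one key, authentication before any receiver state is updated, and a sliding window so replayed datagrams are dropped while out-of-order ones are still accepted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const seqLen = 8 // sequence number carried in clear at the front of each datagram

// deriveKey is a single-block HKDF-Expand (RFC 5869) over HMAC-SHA256.
// The secret is assumed to already be uniformly random (e.g. a TLS exporter
// value or a fresh key sent inside the TLS session), so Extract is skipped.
// Distinct labels give independent keys for each direction.
func deriveKey(secret []byte, label string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(label))
	mac.Write([]byte{0x01})
	return mac.Sum(nil) // 32 bytes, used as an AES-256 key
}

// Sender encrypts outgoing datagrams under one direction's key.
type Sender struct {
	aead cipher.AEAD
	seq  uint64
}

// Seal builds one datagram: seq || AES-GCM(plaintext). The sequence number is
// the nonce (right-aligned in 12 bytes) and is also authenticated as associated
// data, so a nonce never repeats under a key and the header cannot be altered.
func (s *Sender) Seal(plaintext []byte) ([]byte, error) {
	if s.seq == ^uint64(0) {
		return nil, errors.New("sequence space exhausted: rekey over TLS first")
	}
	s.seq++
	hdr := make([]byte, seqLen)
	binary.BigEndian.PutUint64(hdr, s.seq)
	nonce := make([]byte, s.aead.NonceSize())
	copy(nonce[len(nonce)-seqLen:], hdr)
	return s.aead.Seal(hdr, nonce, plaintext, hdr), nil
}

// Receiver decrypts incoming datagrams and rejects replays with a 64-entry
// sliding window (the same idea IPsec and DTLS use): out-of-order delivery is
// tolerated, but each sequence number is accepted at most once.
type Receiver struct {
	aead    cipher.AEAD
	highest uint64 // highest sequence number authenticated so far
	window  uint64 // bit d set: sequence number highest-d already accepted
}

func (r *Receiver) replayed(seq uint64) bool {
	if seq > r.highest {
		return false
	}
	d := r.highest - seq
	return d >= 64 || r.window&(1<<d) != 0 // older than the window counts as replay
}

func (r *Receiver) mark(seq uint64) {
	if seq > r.highest {
		if shift := seq - r.highest; shift >= 64 {
			r.window = 0
		} else {
			r.window <<= shift
		}
		r.window |= 1
		r.highest = seq
		return
	}
	r.window |= 1 << (r.highest - seq)
}

// Open verifies and decrypts one datagram. Window state is only updated after
// the tag check succeeds, so a forged header cannot poison the replay state.
func (r *Receiver) Open(datagram []byte) ([]byte, error) {
	if len(datagram) < seqLen+r.aead.Overhead() {
		return nil, errors.New("datagram too short")
	}
	hdr := datagram[:seqLen]
	seq := binary.BigEndian.Uint64(hdr)
	if seq == 0 || r.replayed(seq) {
		return nil, errors.New("replayed or out-of-window sequence number")
	}
	nonce := make([]byte, r.aead.NonceSize())
	copy(nonce[len(nonce)-seqLen:], hdr)
	plaintext, err := r.aead.Open(nil, nonce, datagram[seqLen:], hdr)
	if err != nil {
		return nil, errors.New("authentication failed")
	}
	r.mark(seq)
	return plaintext, nil
}

// Session is one endpoint's send and receive halves.
type Session struct {
	Send *Sender
	Recv *Receiver
}

// NewSession derives per-direction keys from the secret both sides agreed on
// inside the TLS connection (the TLS step itself is not shown; the secret is
// simply passed in). Client and server swap which key they send with.
func NewSession(secret []byte, isClient bool) (*Session, error) {
	c2s, s2c := deriveKey(secret, "udp client->server"), deriveKey(secret, "udp server->client")
	sendKey, recvKey := c2s, s2c
	if !isClient {
		sendKey, recvKey = s2c, c2s
	}
	var aeads [2]cipher.AEAD
	for i, key := range [][]byte{sendKey, recvKey} {
		block, err := aes.NewCipher(key)
		if err != nil {
			return nil, err
		}
		if aeads[i], err = cipher.NewGCM(block); err != nil {
			return nil, err
		}
	}
	return &Session{Send: &Sender{aead: aeads[0]}, Recv: &Receiver{aead: aeads[1]}}, nil
}

func main() {
	secret := make([]byte, 32) // constructed stand-in for the TLS-agreed secret
	for i := range secret {
		secret[i] = byte(i)
	}
	client, _ := NewSession(secret, true)
	server, _ := NewSession(secret, false)
	d, _ := client.Send.Seal([]byte("hello over udp"))
	pt, err := server.Recv.Open(d)
	fmt.Printf("first delivery: %q err=%v\n", pt, err)
	_, err = server.Recv.Open(d)
	fmt.Println("replayed copy:", err)
}
```

The sequence number doubles as the nonce, which is why it must be a counter and never random; a real deployment would also rekey over the TLS channel well before the counter runs out and would tie the UDP session to the TLS identity it was negotiated under, which is exactly the kind of detail DTLS already specifies.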