Home > Ask the Security Experts > Questions & Answers > Finding the answers to specific SSL questions
Ask The Security Expert: Questions & Answers
EMAIL THIS

Finding the answers to specific SSL questions

Jonathan Callas EXPERT RESPONSE FROM: Jonathan Callas

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site
>
QUESTION POSED ON: 11 September 2002

I have a couple questions about SSL. First of all, why does SSL have a Change Cipher Spec Protocol that contains only the change_cipher_spec message? Why was the change_cipher_spec message just not defined in the Handshake Protocol? I'm sure there is a reason that a separate protocol was created, but I have not been able to find it.

My second question is about the client and server secrets and keys in the connection state. Why are there two write MAC secrets (one for the client and one for the server) and two write keys (one for the client and one for the server) in the connection state? I can understand why one MAC secret and one write key would be needed, but I can't understand why there are two of each. Aren't these secrets and keys symmetric, meaning only one key/secret is needed?

Any help you could give me on this would be greatly appreciated.

>

The best place to find the answers to your questions would be the SSL/TLS working group mailing lists in the IETF. Many questions -- like "why did you do it this way" are best answered by the people who actually did it. Here is information about the working group mailing lists:

General Discussion: ietf-tls@lists.certicom.com
To Subscribe: ietf-tls-request@lists.certicom.com
Archive: http://www.imc.org/ietf-tls/mail-archive

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Find Security Solutions for Your Business
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts