SSL/TLS Shortcomings -
- SSL is point to point - when the message reaches a peer server
- SSL needs to be stripped off so that the message can be processed
SSL Limitations:
- SSL is point to point - where as we need end 2 end security, as typical enterprise application has multiple layers.
- SSL is transport layer security - not message level security - data in disk cannot be protected by ssl
- HTTPS - does not support nonrepudiation well - critical for business
- server can prove that a completed transaction was requested by a client (in case a dispute arises)
- SSL does not support element wise signing - i.e. sign only the credit card details of the entire message.
No comments:
Post a Comment