newbie : transport vs application layer encryption
rvj
I assume that in principle that encryption could just as equally be
implimented at the application layer rather than at the transport layer
Instead of using HTTPS and TCP port 443, should n't it be possible to use
symmetrical encryption to convert all client input which is then de-encryted
on the server using the same symmetric key?
Assuming that client and server are both aware of a common symmetric key
1. client input
2. input is encrypted using symmetric key within browser as HTTP string
via client javascript
3 server de-encryption of HTTP string using same symmetric key
A. Does anyone know of (or has anyone published) any articles on symmetrical
encryption at the application layer?
B. Has anyone developed signed javascripts which -given a symmetric key -
will convert and send data via HTTP?
C. Is there any fundamental reason why SSL layer must exist - since it only
appears to be an arbitary layer.?