6.5 Conclusions

In this chapter, we focused on a pair of security protocols that have been proposed for the transport layer. In particular, we overviewed and discussed the SSL and TLS protocols. Given the current situation on the Internet security market, it is possible and very likely that the TLS protocol will be one of the most important security protocols for the Internet. This is particularly true for the HTTP and the WWW. It is, however, also true for other applications (protocols) layered on top of TCP. For example, one can reasonably expect that future releases of software packages for Telnet, FTP, SMTP, POP3, and IMAP4 will implement and support the TLS protocol as well.

Both the SSL and the TLS protocols are layered on top of TCP. They neither address nor meet the security requirements of applications and application protocols that are layered on UDP. Unfortunately, there is an increasingly large number of applications and application protocols layered on UDP (e.g., protocols for real-time or multicast communications). For all these applications and application protocols, the SSL and the TLS protocols do not provide a viable solution. There are at least two conclusions one can draw from this situation:

There is room for further research to address the question of how to secure UDP-based applications on the transport layer (e.g., a preliminary study is done in [18]).
There is room for security protocols that operate either below or above the transport layer.

The second conclusion is particularly important, as it counters the argument that all other security protocols have become obsolete with the wide deployment of SSL/TLS. In the previous chapter, we overviewed and discussed other security protocols that operate below or above the transport layer.