Cryptography and Network Security by Stallings. Question 4.

(a) Is it possible in SSL for the receiver to reorder SSL record blocks that arrive out of order? If so, explain how it can be done. If not, why not?

(b) For SSH packets, what is the advantage, if any, of not including the MAC in the scope of the packet encryption?

Solution

a) SSL relies on an underlying reliable protocol, TCP, to assure that bytes are not lost or inserted. There was some discussion of reengineering the future TLS protocol to work over datagram protocols such as UDP, in which case out-of-order blocks cannot be handled. So it depends on the transport layer protocol SSL/TLS runs on.

b) As alluded to by Palo Ebermann's comment, the word authentication has a different meaning in the two scenarios you mentioned.

In the key exchange phase of SSH, the purpose of authentication is to assure both parties that they are indeed talking to the right peer (if using mutual authentication). Typically, the server authenticates itself using its public key and the client uses a username and password.

In the SSH record layer phase (i.e., the sending of the actual application data), the purpose of authentication is to protect each individual data packet from tampering. This is achieved using the MAC.

To encrypt application data, SSH typically uses AES in either counter mode or CBC mode. Neither of these modes of operation provides protection against tampering with the ciphertext, so they need to be accompanied by a MAC in order to detect it.

Consider, e.g., the silly example where Alice sends the following message encrypted using AES in counter mode, but without any MAC: "Transfer 100 USD from Alice to Bob." Then someone (Bob?) could flip a few strategically placed bits in the ciphertext, so that it would instead decrypt to "Transfer 10 000 USD from Alice to Bob." Note that without any MAC, it would be impossible for the recipient to notice that this ciphertext had been tampered with.

Also, observe that this fact is completely independent of any key exchange that has been done prior to the tampering.
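The counter-mode tampering scenario above, worked through as an added example (not part of the original solution), together with the per-packet MAC check that rejects it. Assumptions: an HMAC-SHA256 keystream stands in for AES in counter mode so the code runs with the standard library only, the keys, nonce and sequence number are constructed, and the amount is written as a fixed-width field because flipping bits cannot change the length of a message.

```python
import hashlib
import hmac
import struct

# Constructed sample values (assumptions, not from the page).
ENC_KEY, MAC_KEY, NONCE, SEQ = b"E" * 32, b"M" * 32, b"N" * 8, 7
ORIGINAL = b"Transfer 000100 USD from Alice to Bob."
FORGED = b"Transfer 010000 USD from Alice to Bob."  # same length as ORIGINAL

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key, nonce, data):
    """Counter-mode encrypt/decrypt; HMAC-SHA256 stands in for the AES block function."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
    return xor(data, stream)

def packet_mac(mac_key, seq, plaintext):
    """MAC over sequence number || unencrypted packet, as in RFC 4253 section 6.4."""
    return hmac.new(mac_key, struct.pack(">I", seq) + plaintext, hashlib.sha256).digest()

def seal(plaintext):
    """Return (ciphertext, tag); the tag travels outside the encrypted part."""
    return ctr_crypt(ENC_KEY, NONCE, plaintext), packet_mac(MAC_KEY, SEQ, plaintext)

def open_packet(ciphertext, tag):
    plaintext = ctr_crypt(ENC_KEY, NONCE, ciphertext)
    if not hmac.compare_digest(tag, packet_mac(MAC_KEY, SEQ, plaintext)):
        raise ValueError("MAC check failed: packet modified in transit")
    return plaintext

def tamper(ciphertext, known, wanted):
    """Needs no key: XOR the difference between the two plaintexts into the ciphertext."""
    return xor(ciphertext, xor(known, wanted))

def demo():
    ciphertext, tag = seal(ORIGINAL)
    modified = tamper(ciphertext, ORIGINAL, FORGED)
    without_mac = ctr_crypt(ENC_KEY, NONCE, modified)  # receiver with no MAC accepts this
    try:
        open_packet(modified, tag)
        with_mac = "accepted"
    except ValueError:
        with_mac = "rejected"
    return without_mac, with_mac

if __name__ == "__main__":
    print(demo())
```

The modification depends only on the XOR of the two plaintexts, which is why it works regardless of how the encryption key was agreed; the receiver that recomputes the MAC rejects the packet before the altered text reaches the application.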