SSL and replay attacks

[Ajay <abra9823 () mail usyd edu au>]

hi!

i have a client-server application, where clients download data from the
webserver over SSL. the data downloaded is signed.
do i need to include a nonce in the signature to prevent replay attacks? I
am thinking that since the exchange is over SSL, an attacker would not be
able to obtain the signed data in order to replay it.

thanks

cheers





----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.