>> how exactly does sending TLS credentials involve ferreting around in the >> depths of a network stack? >> > > It doesn't:-) Those responsible for the creation and maintenance of security > credentials - which I see as the major ongoing work of security - prefer to do > at an application level, using appropriate databases, which are > somewhat removed from the lower layers in which TLS sits. So TLS has a > different set of credentials or none, which is the problem that channel binding > overcomes. maybe what I think of as "application level" is different than how you think of this term, but I've never heard of a client application that uses TLS where TLS wasn't being called by the application, and where the application wasn't in a position to supply credentials via TLS to the server. I'm not trying to be picky here. Rather I think there's probably an important principle here that needs to be teased out. KeithReceived on Thursday, 14 June 2007 20:43:04 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 4 October 2011 12:13:58 GMT