Re: STLP and proposal from Taher Elgamal on 1996-04-24 (ietf-tls@w3.org from April to June 1996)

From: Taher Elgamal <elgamal@netscape.com>
Date: Tue, 23 Apr 1996 20:11:39 -0700
To: Barb Fox <bfox@microsoft.com>
Cc: "'ietf-tls@w3.org'" <ietf-tls@w3.org>
Message-Id: <317D9BEB.17E2@netscape.com>

Actually I am trying to avoid politics. I think since the discussion has
gone public anyway that we should judt take it public (to the WG) and 
avoid repetition.

Taher


Barb Fox wrote:
> 
> OK - this list is for TECHNICAL discussions. On this alias we should
> discuss  the features needed in a new and better transport-layer
> protocol and not the politics of choosing one existing protocol over
> another.  (If we fall into the trap of the latter, we will all lose...)
> 
> Our only intent is to accelerate the process and get an open standard
> within the IETF quickly.  It is Microsoft's goal with the STLP strawman
> to avoid the anticipated shootout between SSL and PCT.  We would have
> preferred to have taken PCT 2 as the basis for an STLP standard, but we
> felt that doing this would have been viewed as contentious and have
> merely delayed the development and adoption of a new protocol standard.
> So despite the risk that we would appear to be abandoning PCT and our
> PCT partners, we decided to base our STLP strawman on SSLv3.  We remain
> committed to supporting PCT and PCT developers just as Netscape is
> committed to SSL and SSL developers.
> 
> But the new protocol is not about PCT or SSL or any other individual
> protocol.  It is simply about developing an OPEN standard.  We're
> frankly delighted that transport layer security is an IETF working
> group!
> 
> btw: our STLP starting point incorporated the following ideas from PCT:
> 
> - datagram support
> - new keys and cipher specs allowed, supporting pre-encrypted data
> - less long-term dependence on particular algorithms
> - more information in alerts for robust error-handling
> - improved handshaking, allowing speed-up when the client has the
> server's key
> - additional authentication options, including previously shared secrets
> - full specification of cert types and names for both clients and
> servers
> 
> The idea tho is to get other than MS and Netscape to comment on what
> should be in STLP.  So please let's get an active discussion going on
> the technology.
> 
> Barbara Fox
> Senior Architect
> Microsoft

-- 
Taher Elgamal	    elgamal@netscape.com
Chief Scientist, Netscape Communications
(T) 415 937 2898, (F) 415 428 4054

Received on Tuesday, 23 April 1996 23:08:14 UTC