W3C home > Mailing lists > Public > ietf-tls@w3.org > October to December 1996

Re: Busted TLS Schedule, and a Proposal for Closure

From: Jeff Williams <jwkckid1@ix.netcom.com>
Date: Wed, 16 Oct 1996 20:03:44 -0500
Message-Id: <1.5.4.16.19961017010344.0927ac74@popd.ix.netcom.com>
To: ietf-tls@w3.org
At 03:44 PM 10/16/96 -0700, you wrote:
>Christopher Allen wrote:
>> 
>> As I recall there were only two technical proposals on the table in
>> August and September (both of which I think were late), Netscape's
>> authority attributes, and Microsoft's secret key authentication. I
>> have not seen on this list sufficient consensus to move forward on
>> either of them.
>> 
>> I would like to suggest to Win Treese, the TLS-WG chairman, that we
>> table the two proposals for now, and settle on moving SSL 3.0 into TLS
>> 1.0 *as is*, however, with some clarifications to the spec.
>> 
>> I would like to see that early in November a small group of engineers
>> who have actually *implemented* SSL 3.0 get together with the current
>> SSL 3.0 authors to clarify the spec. *Not* change the spec, only
>> clarify any ambiguities (we have found in writing SSLRef 3.0, SSL
>> Plus, and an SSL Fortezza implemenation a number of ambiguities, and
>> I'm sure others have as well.)
>> 
>> This cleaned up spec would be called TLS 1.0 and published as an
>> internet draft for final comments in time for the December IETF
>> meeting in San Jose.
>> 
>> SSL 3.0 is already widely deployed. Both Microsoft and Netscape have
>> it now in their browsers and servers, and many other companies now
>> have SSL 3.0 browsers, web servers, and non-web application under
>> development with SSL 3.0.
>> 
>> Thus I believe that is appropriate that the continued revisions of the
>> SSL 3.0 standard move to IETF change control, and it's authors seem
>> willing to allow it to do so. Given this I think SSL 3.0 is an
>> appropriate starting point for IETF and TLS-WG, and that the the
>> TLS-WG should ratify it with the ambiguities cleaned up.
>> 
>> From that solid base we can move toward TLS 1.1, which then might
>> include Microsoft's and Netscape's proposals.
>
>I think this is an excellent idea.

  I agree with Tom here.  I would add that when seperating the two documents
that mutual refrence to each be included in each.  I would also think that
Netscape's
 authority attributes, and Microsoft's secret key authentication be included in
a manner that would be inclusive in the final perposal document.

Reguards,


>
>-- 
>You should only break rules of style if you can    | Tom Weinstein
>coherently explain what you gain by so doing.      | tomw@netscape.com
>
>
>
Jeffrey A. Williams
SR.Internet Network Eng. 
CEO., IEG., INC.,  Representing PDS .Ltd.
Web: http://www.pds-link.com 
Phone: 214-793-7445 (Direct Line)
Director of Network Eng. and Development IEG. INC.
Received on Wednesday, 16 October 1996 21:28:07 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:34:54 EDT