- From: David Brownell - JavaSoft <david.brownell@Eng.Sun.COM>
- Date: Mon, 21 Oct 1996 09:43:02 -0700
- To: ietf-tls@w3.org, treese@OpenMarket.com
> 1) Try to come to closure on an updated/fixed specification > of SSLv3.0 for the standards track, with no major > changes I'd like to see this happen. At the very least, the existing RFC should get updated with the clarifications which I know all implementors have contributed (including the list of errata), and then recirculated. This of course leaves open the issue of "who does it". I will gladly help review, applying my experience as an implementor. No time to help write before the San Jose meeting, though. > 1. If we pursued option #1, and then never did anything else, > would the WG have been successful? Based on some recent discussions in other parts of the IETF, yes. New WGs could be set up to do later work. > 3. Is it better now to advance the state of the art, given that we > have some user requirements, or simply to codify the current use? SSL v3.0 _does_ advance the state of the art, and it does address the requirements of numerous users. If do our best to ensure that it can later be compatibily extended (done already, yes?) then we can later advance the state of the art by bringing additional users under our Big Top later on, e.g. by supporting shared key authentication via GSS-API handshaking. I suspect attribute certs may be more of a PKI issue than a TLS issue. - Dave
Received on Monday, 21 October 1996 12:43:32 UTC