- From: Tom Weinstein <tomw@netscape.com>
- Date: Wed, 05 Feb 1997 09:31:04 -0800
- To: Rodney Thayer <rodney@sabletech.com>
- CC: ietf-tls@w3.org
Rodney Thayer wrote: > > I disagree that it's easy to SSL-ize applications. I added SSL to <a > commercial browser> and it was massively painful because of the > message negotiation that has to happen up front; this interfered > unfortunately with the non-blocking I/O model the browser was using. > > Of course, now that I have the scars from this experience I feel I > understand exactly what I need to do next time I design an > application... I agree, it's harder than it looks. Especially for applications that have to handle several open streams simultaneously. I also object to trying to do SSL and non-SSL on the same port for security reasons. It adds another level of complexity to making sure you don't get rolled back to an insecure state. -- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw@netscape.com
Received on Wednesday, 5 February 1997 12:30:45 UTC