- From: Bill O'Donnell <billo@coyote.server.net>
- Date: Thu, 6 Feb 1997 16:48:37 -0500
- To: chk@gnu.ai.mit.edu
- CC: ietf-tls@w3.org
X-POP3-Rcpt: billo@home Content-Type: text/plain Mime-Version: 1.0 (NeXT Mail 3.3 v118.2) X-Nextstep-Mailer: Mail 3.3 (Enhance 2.0b5) Sender: Christian Kuhtz <chk@continuum.epoch.org> From: Christian Kuhtz <chk@gnu.ai.mit.edu> Date: Thu, 6 Feb 97 14:04:37 -0700 Cc: ietf-tls@w3.org References: <199702061732.MAA03355@coyote.server.net> On Thu, 6 Feb 1997 12:32:06 -0500, "Bill O'Donnell" <billo@coyote.server.net> wrote: > While it may be inelegant to simply double the number of ports for > security, it probably won't actually cause any serious insurmountable > problems in the future. An application-level protocol or scheme > for negotiation up to SSL/TLS will forever cause compatibility and > interoperability problems. Such as? - broken clients that predate the negotiation protocol that manage to accidentally trip the negotiation sequence, but obviously can't complete it. - servers that predate the negotiation protocol that react badly to clients trying to get a secure connection. > Saying "it's easy" to come up with a universal scheme to allow this > kind of negotiation is naive. In reality, it's probably impossible. Would you mind sharing what you have in mind as an insurmountable show stopper? - Some protocols may because of their very nature may leave no room for escape mechanisms to substitute a different sub-application layer protocol. - If it was really easy, some really smart person out there might have been able to at least describe it by now. It's usually safer to think of software problems as hard until demonstrated to be easy, not the other way around. Bill O'Donnell billo@netcentric.com billo@server.net me@billo.com NetCentric Corp 17 Msgr O'Brien Hwy Cambridge, MA 02142
Received on Thursday, 6 February 1997 16:51:28 UTC