Re: Mandatory TLS == OpenSSL everywhere? !?! from Phillip Hallam-Baker on 2013-11-16 (ietf-http-wg@w3.org from October to December 2013)

From: Phillip Hallam-Baker <hallam@gmail.com>
Date: Sat, 16 Nov 2013 00:04:44 -0500
To: Mike Belshe <mike@belshe.com>
Cc: Tao Effect <contact@taoeffect.com>, Adrien de Croy <adrien@qbik.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAMm+LwgYCDOfEyijzPSAxpOTs8poErAaVUBZPtNowrEj0Pub3g@mail.gmail.com>

On Thu, Nov 14, 2013 at 5:15 PM, Mike Belshe <mike@belshe.com> wrote:

> One of the things that the IETF does with all new standards is to build
> multiple, working implementations.  This was done as part of the TLS
> development as well as HTTP.
>
> Rob T could comment further, but I don't believe the windows TLS stack has
> much (any?) OpenSSL in it.
>

I am pretty certain it predates OpenSSL by a very long time. CryptoAPI
certainly predates Netscape.

Its not just the SSL library, it is the crypto library and the X.509 stack.
These are all mix and match. What has tended to happen is that crypto
libraries have been extended to add PKIX and S/MIME and TLS and DTLS have
been natural additions.

-- 
Website: http://hallambaker.com/

Received on Saturday, 16 November 2013 05:05:12 UTC