W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Mandatory TLS == OpenSSL everywhere? !?!

From: Phillip Hallam-Baker <hallam@gmail.com>
Date: Sat, 16 Nov 2013 00:04:44 -0500
Message-ID: <CAMm+LwgYCDOfEyijzPSAxpOTs8poErAaVUBZPtNowrEj0Pub3g@mail.gmail.com>
To: Mike Belshe <mike@belshe.com>
Cc: Tao Effect <contact@taoeffect.com>, Adrien de Croy <adrien@qbik.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Thu, Nov 14, 2013 at 5:15 PM, Mike Belshe <mike@belshe.com> wrote:

> One of the things that the IETF does with all new standards is to build
> multiple, working implementations.  This was done as part of the TLS
> development as well as HTTP.
> Rob T could comment further, but I don't believe the windows TLS stack has
> much (any?) OpenSSL in it.

I am pretty certain it predates OpenSSL by a very long time. CryptoAPI
certainly predates Netscape.

Its not just the SSL library, it is the crypto library and the X.509 stack.
These are all mix and match. What has tended to happen is that crypto
libraries have been extended to add PKIX and S/MIME and TLS and DTLS have
been natural additions.

Website: http://hallambaker.com/
Received on Saturday, 16 November 2013 05:05:12 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:20 UTC