RE: STLP and proposal

OK - this list is for TECHNICAL discussions. On this alias we should
discuss  the features needed in a new and better transport-layer
protocol and not the politics of choosing one existing protocol over
another.  (If we fall into the trap of the latter, we will all lose...)

Our only intent is to accelerate the process and get an open standard
within the IETF quickly.  It is Microsoft's goal with the STLP strawman
to avoid the anticipated shootout between SSL and PCT.  We would have
preferred to have taken PCT 2 as the basis for an STLP standard, but we
felt that doing this would have been viewed as contentious and have
merely delayed the development and adoption of a new protocol standard. 
So despite the risk that we would appear to be abandoning PCT and our
PCT partners, we decided to base our STLP strawman on SSLv3.  We remain
committed to supporting PCT and PCT developers just as Netscape is
committed to SSL and SSL developers.  

But the new protocol is not about PCT or SSL or any other individual
protocol.  It is simply about developing an OPEN standard.  We're
frankly delighted that transport layer security is an IETF working

btw: our STLP starting point incorporated the following ideas from PCT:

- datagram support
- new keys and cipher specs allowed, supporting pre-encrypted data
- less long-term dependence on particular algorithms
- more information in alerts for robust error-handling
- improved handshaking, allowing speed-up when the client has the
server's key
- additional authentication options, including previously shared secrets
- full specification of cert types and names for both clients and

The idea tho is to get other than MS and Netscape to comment on what
should be in STLP.  So please let's get an active discussion going on
the technology. 

Barbara Fox
Senior Architect

Received on Tuesday, 23 April 1996 17:40:05 UTC