- From: Barb Fox <bfox@microsoft.com>
- Date: Tue, 23 Apr 1996 14:35:01 -0700
- To: "'ietf-tls@w3.org'" <ietf-tls@w3.org>
OK - this list is for TECHNICAL discussions. On this alias we should discuss the features needed in a new and better transport-layer protocol and not the politics of choosing one existing protocol over another. (If we fall into the trap of the latter, we will all lose...) Our only intent is to accelerate the process and get an open standard within the IETF quickly. It is Microsoft's goal with the STLP strawman to avoid the anticipated shootout between SSL and PCT. We would have preferred to have taken PCT 2 as the basis for an STLP standard, but we felt that doing this would have been viewed as contentious and have merely delayed the development and adoption of a new protocol standard. So despite the risk that we would appear to be abandoning PCT and our PCT partners, we decided to base our STLP strawman on SSLv3. We remain committed to supporting PCT and PCT developers just as Netscape is committed to SSL and SSL developers. But the new protocol is not about PCT or SSL or any other individual protocol. It is simply about developing an OPEN standard. We're frankly delighted that transport layer security is an IETF working group! btw: our STLP starting point incorporated the following ideas from PCT: - datagram support - new keys and cipher specs allowed, supporting pre-encrypted data - less long-term dependence on particular algorithms - more information in alerts for robust error-handling - improved handshaking, allowing speed-up when the client has the server's key - additional authentication options, including previously shared secrets - full specification of cert types and names for both clients and servers The idea tho is to get other than MS and Netscape to comment on what should be in STLP. So please let's get an active discussion going on the technology. Barbara Fox Senior Architect Microsoft
Received on Tuesday, 23 April 1996 17:40:05 UTC