RE: which to implement?

>SSLv3 and PCTv2 are both PAPER protocols.  We're living with SSLv2 and
>PCTv1 in real code, and we all agree that's not good enough.  The
>purpose of this TLS working group is to come up with something more
>secure and more open, but I agree with Win and Taher that we need to be
>in Final Draft form by July to have an IETF standard in 1996.  This is
>critical to all of us so that we don't have to even think about what we
>implement.  "STLP" should be the Internet standard - so let's get
serious about what's in it, so we can all get on with the code.

>Do any of you want to sit down together for a day and work up an STLP
>draft to present to the whole working group before the IETF meeting in
>June?  There's some great discussion going on the list, but maybe a
>face-to-face meeting with anyone who is really interested could
>accelerate the process.  Any takers? I would be happy to schedule and
arrange for such a meeting if people are amenable.

Tom Stephens
Program Manager
Microsoft Corporation

>From: 	Rodney Thayer[]
>Sent: 	Wednesday, April 24, 1996 3:12 AM
>To: 	Sean Dalby
>Subject: 	which to implement?
>netscape in the ssl3 spec claims it is going to deprecate ssl2
>yet ssl2 has a significant installed base and I'm not convinced it will
>away the moment <something else> shows up, regardless of what the
>else is.
>now there's the IETF activity too.
>and there's an other Microsoft protocol (can't remember it's name at
>the moment)
>and there's SHTTP which apparently has not yet disappeared -- although
>you can't buy any browsers that support it maybe it's not really here
>of course all this could become instantly irrelevant if for example
>Card started giving away free netscape plug-in's with their own
>this all makes for a tough call on what to implement.  my personal
>today, is:
>  1. reconsider decision continuously
>  2. do not implement ssl2 as netscape is going to desupport it soon
>  3. do not implement non-existant protocols (meaning SSL3, today.)
>  4. use a protocol known to be implement by others
>so today's answer ends up being PCT.  I really would rather do
>with a genuine IETF process behind it but there is no such protocol
>Yes yes there is now an active process, and that's *GOOD*, but there
>no code today.
>just my opinion...
>At 03:04 PM 4/16/96 -0600, you wrote:
>  ...
>                  Rodney Thayer           ::        
>                  Sable Technology Corp   ::              +1 617 332
>                  246 Walnut St           ::         Fax: +1 617 332
>                  Newton MA 02160 USA     :: 
>                           "Developers of communications software"


Received on Friday, 26 April 1996 22:13:19 UTC