Re: Busted TLS Schedule, and a Proposal for Closure

Christopher Allen wrote:
> As I recall there were only two technical proposals on the table in
> August and September (both of which I think were late), Netscape's
> authority attributes, and Microsoft's secret key authentication. I
> have not seen on this list sufficient consensus to move forward on
> either of them.
> I would like to suggest to Win Treese, the TLS-WG chairman, that we
> table the two proposals for now, and settle on moving SSL 3.0 into TLS
> 1.0 *as is*, however, with some clarifications to the spec.
> I would like to see that early in November a small group of engineers
> who have actually *implemented* SSL 3.0 get together with the current
> SSL 3.0 authors to clarify the spec. *Not* change the spec, only
> clarify any ambiguities (we have found in writing SSLRef 3.0, SSL
> Plus, and an SSL Fortezza implemenation a number of ambiguities, and
> I'm sure others have as well.)
> This cleaned up spec would be called TLS 1.0 and published as an
> internet draft for final comments in time for the December IETF
> meeting in San Jose.
> SSL 3.0 is already widely deployed. Both Microsoft and Netscape have
> it now in their browsers and servers, and many other companies now
> have SSL 3.0 browsers, web servers, and non-web application under
> development with SSL 3.0.
> Thus I believe that is appropriate that the continued revisions of the
> SSL 3.0 standard move to IETF change control, and it's authors seem
> willing to allow it to do so. Given this I think SSL 3.0 is an
> appropriate starting point for IETF and TLS-WG, and that the the
> TLS-WG should ratify it with the ambiguities cleaned up.
> From that solid base we can move toward TLS 1.1, which then might
> include Microsoft's and Netscape's proposals.

I think this is an excellent idea.

You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      |

Received on Wednesday, 16 October 1996 18:43:20 UTC