Re: closure on TLS via SSL3


I too agree with this approach, which was proposed as far back
as Montreal.

In SSL3, we have "rough consensus and running code", if you
count the existence of the current implementation and the fact
that major interested parties have widespread deployment.

It might not be everyone's idea of perfection, but it seems
quite acceptable for a "TLS 1.0" iteration.  These other
discussions can happen for the next generation.

I assume that most people would agree that SOMETHING will
happen after the first TLS version, since this is not a static
technology, therefore presuming the existence of a post-TLS-1.0
standard seems reasonable.

>Resent-Date: Wed, 16 Oct 1996 21:28:46 -0400
>Resent-Message-Id: <>
>Date: Wed, 16 Oct 1996 20:03:44 -0500
>From: Jeff Williams <>
>Subject: Re: Busted TLS Schedule, and a Proposal for Closure
>X-Mailing-List: <> archive/latest/388
>At 03:44 PM 10/16/96 -0700, you wrote:
>>Christopher Allen wrote:
>>> As I recall there were only two technical proposals on the table in
>>> August and September (both of which I think were late),
>>> authority attributes, and Microsoft's secret key authentication. I
>>> have not seen on this list sufficient consensus to move forward on
>>> either of them.
>>> I would like to suggest to Win Treese, the TLS-WG chairman, that we
>>> table the two proposals for now, and settle on moving SSL 3.0 into TLS
>>> 1.0 *as is*, however, with some clarifications to the spec.
>>> I would like to see that early in November a small group of
>>> who have actually *implemented* SSL 3.0 get together with the current
>>> SSL 3.0 authors to clarify the spec. *Not* change the spec,
>>> clarify any ambiguities (we have found in writing SSLRef 3.0, SSL
>>> Plus, and an SSL Fortezza implementation a number of ambiguities, and
>>> I'm sure others have as well.)
>>> This cleaned up spec would be called TLS 1.0 and published as an
>>> internet draft for final comments in time for the December
>>> meeting in San Jose.
>>> SSL 3.0 is already widely deployed. Both Microsoft and Netscape have
>>> it now in their browsers and servers, and many other companies now
>>> have SSL 3.0 browsers, web servers, and non-web application
>>> development with SSL 3.0.
>>> Thus I believe that is appropriate that the continued revisions of the
>>> SSL 3.0 standard move to IETF change control, and its authors seem
>>> willing to allow it to do so. Given this I think SSL 3.0 is
>>> appropriate starting point for IETF and TLS-WG, and that the
>>> TLS-WG should ratify it with the ambiguities cleaned up.
>>> From that solid base we can move toward TLS 1.1, which then
>>> include Microsoft's and Netscape's proposals.
>>I think this is an excellent idea.
>  I agree with Tom here.  I would add that when separating the two documents
>that mutual reference to each be included in each.  I would also think that
> authority attributes, and Microsoft's secret key authentication be included in
>a manner that would be inclusive in the final proposal
>>You should only break rules of style if you can    | Tom
>>coherently explain what you gain by so doing.      |
>Jeffrey A. Williams
>SR.Internet Network Eng. 
>CEO., IEG., INC.,  Representing PDS .Ltd.
>Phone: 214-793-7445 (Direct Line)
>Director of Network Eng. and Development IEG. INC.


               Rodney Thayer <>       +1 617 332 7292
               Sable Technology Corp, 246 Walnut St., Newton MA 02160 USA
               Fax: +1 617 332 7970 
                           "Developers of communications software"

Received on Thursday, 17 October 1996 12:12:17 UTC