Re: making progress

> 1) Try to come to closure on an updated/fixed specification
> 	of SSLv3.0 for the standards track, with no major
> 	changes

I'd like to see this happen.  At the very least, the existing
RFC should get updated with the clarifications which I know all
implementors have contributed (including the list of errata),
and then recirculated.

This of course leaves open the issue of "who does it".  I will
gladly help review, applying my experience as an implementor.
No time to help write before the San Jose meeting, though.

> 1. If we pursued option #1, and then never did anything else,
> would the WG have been successful?

Based on some recent discussions in other parts of the IETF,
yes.  New WGs could be set up to do later work.

> 3. Is it better now to advance the state of the art, given that we
> have some user requirements, or simply to codify the current use?

SSL v3.0 _does_ advance the state of the art, and it does
address the requirements of numerous users.

If do our best to ensure that it can later be compatibily
extended (done already, yes?) then we can later advance the
state of the art by bringing additional users under our Big Top
later on, e.g. by supporting shared key authentication via
GSS-API handshaking.  I suspect attribute certs may be more of
a PKI issue than a TLS issue.

- Dave

Received on Monday, 21 October 1996 12:43:32 UTC