Re: making progress from Jeff Williams on 1996-10-21 (ietf-tls@w3.org from October to December 1996)

From: Jeff Williams <jwkckid1@ix.netcom.com>
Date: Mon, 21 Oct 1996 16:50:57 -0500
To: david.brownell@eng.sun.com (David Brownell - JavaSoft)
Cc: ietf-tls@w3.org
Message-Id: <1.5.4.16.19961021215057.28af6428@popd.ix.netcom.com>

Dave and all,

At 09:43 AM 10/21/96 -0700, you wrote:
>> 1) Try to come to closure on an updated/fixed specification
>> 	of SSLv3.0 for the standards track, with no major
>> 	changes
>
>I'd like to see this happen.  At the very least, the existing
>RFC should get updated with the clarifications which I know all
>implementors have contributed (including the list of errata),
>and then recirculated.

  I agree here whole hartedly.  I think this should be a primary goal.
>
>This of course leaves open the issue of "who does it".  I will
>gladly help review, applying my experience as an implementor.
>No time to help write before the San Jose meeting, though.

  Well, Dave, I am offering my services and experiance if it is needed.
>
>
>> 1. If we pursued option #1, and then never did anything else,
>> would the WG have been successful?
>
>Based on some recent discussions in other parts of the IETF,
>yes.  New WGs could be set up to do later work.

  I think that new WG's is a good idea, coordination may be a problem,
but managable.  I would be gad to participate and off er my implimentation
experiance here.  This could get the agressive schedual met possibly as well.
>
>
>> 3. Is it better now to advance the state of the art, given that we
>> have some user requirements, or simply to codify the current use?
>
>SSL v3.0 _does_ advance the state of the art, and it does
>address the requirements of numerous users.
>
>If do our best to ensure that it can later be compatibily
>extended (done already, yes?) then we can later advance the
>state of the art by bringing additional users under our Big Top
>later on, e.g. by supporting shared key authentication via
>GSS-API handshaking.  I suspect attribute certs may be more of
>a PKI issue than a TLS issue.

I am not sure I agree that attribute certs is more of an PKI issue than a TLS
issue.  Shared athentication should also be addressed as it is intragle in my
opinion.

Reguards,

>
>- Dave
>
>
>
Jeffrey A. Williams
SR.Internet Network Eng. 
CEO., IEG., INC.,  Representing PDS .Ltd.
Web: http://www.pds-link.com 
Phone: 214-793-7445 (Direct Line)
Director of Network Eng. and Development IEG. INC.

Received on Monday, 21 October 1996 18:16:00 UTC