- From: David Brownell - JavaSoft <david.brownell@Eng.Sun.COM>
- Date: Fri, 25 Oct 1996 09:13:09 -0700
- To: ietf-tls@w3.org

Things have been a trifle quiet on TLS lately ... :-)

I haven't said anything about Win's "option #2", namely producing an I-D covering the TLS record layer (compatible with SSLv3), and presumably the basic encoding rules (XDR-ish), and separating the handshaking into two or more documents. (SSLv3 compatible, shared key, and I predict debate re GSS-API, ISA/KMP, etc. flavors. Which is why I prefer option #1.)

This seems a reasonable thing from a technical standpoint, and I'll just flag my concern that it not delay concurrent progress on the rest of the protocol.

If we make the HMAC in the TLS record layer cover the record header, that would be a positive change! (An SSL 3.1 could do that too.)

I'm not opposed to shared key support, but I've not seen a proposal that's well enough defined that I could support it. For example, one that supports both low security passphrases and higher security Kerberos options, with clear operational distinctions like SSLv3 "cipher suite" model.

Promoting "islands of interoperation" is a bad thing IMHO, and without a better shared key proposal that's where we'd be heading.

- Dave
Received on Friday, 25 October 1996 12:13:17 UTC
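
The message's point about having the record-layer HMAC cover the record header, shown as an added example that is not part of the original post or of any TLS draft: a MAC over the fragment alone still verifies after a header field is changed in transit, while a MAC over header plus fragment does not. The 5-byte header layout (type, version, length) is the SSLv3/TLS record header; the key, sequence number handling, function names and record contents are constructed for illustration.

```python
import hashlib
import hmac
import struct


def build_header(content_type, version, length):
    """Pack the 5-byte record header: type (1), version (2), length (2)."""
    return struct.pack("!BHH", content_type, version, length)


def mac_fragment_only(key, seq, header, fragment):
    """MAC that ignores the header: only sequence number and payload are bound."""
    return hmac.new(key, struct.pack("!Q", seq) + fragment, hashlib.sha1).digest()


def mac_with_header(key, seq, header, fragment):
    """MAC that also binds type, version and length from the record header."""
    data = struct.pack("!Q", seq) + header + fragment
    return hmac.new(key, data, hashlib.sha1).digest()


def verify(mac_fn, key, seq, header, fragment, tag):
    """Receiver-side check using a constant-time comparison."""
    return hmac.compare_digest(mac_fn(key, seq, header, fragment), tag)


def demo():
    key = b"constructed-mac-key-for-example"   # constructed sample key
    fragment = b"constructed record payload"   # constructed sample payload
    sent = build_header(23, 0x0300, len(fragment))      # application_data
    modified = build_header(21, 0x0300, len(fragment))  # type changed to alert
    results = {}
    for name, fn in (("fragment_only", mac_fragment_only),
                     ("with_header", mac_with_header)):
        tag = fn(key, 0, sent, fragment)  # sender computes the tag
        results[name] = {
            "unmodified_accepted": verify(fn, key, 0, sent, fragment, tag),
            "modified_header_accepted": verify(fn, key, 0, modified, fragment, tag),
        }
    return results


if __name__ == "__main__":
    for scheme, outcome in demo().items():
        print(scheme, outcome)
```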