Re: making progress

Things have been a trifle quiet on TLS lately ... :-)

I haven't said anything about Win's "option #2", namely producing an I-D
covering the TLS record layer (compatible with SSLv3), and presumably the
basic encoding rules (XDR-ish), and separating the handshaking into two or
more documents.  (SSLv3 compatible, shared key, and I predict debate re
GSS-API, ISA/KMP, etc. flavors.  Which is why I prefer option #1.)

This seems a reasonable thing from a technical standpoint, and I'll just
flag my concern that it not delay concurrent progress on the rest of the
protocol.  If we make the HMAC in the TLS record layer cover the record
header, that would be a positive change!  (An SSL 3.1 could do that too.)

I'm not opposed to shared key support, but I've not seen a proposal that's
well enough defined that I could support it.  For example, one that
supports both low security passphrases and higher security Kerberos
options, with clear operational distinctions like the SSLv3 "cipher suite"
model.  Promoting "islands of interoperation" is a bad thing IMHO, and
without a better shared key proposal that's where we'd be heading.

- Dave

Received on Friday, 25 October 1996 12:13:17 UTC