What follows is excellent - and it's reinforcing why I asked that "DTLS" (and EAP-TTLS, and SSL for uPnP, and .) be included in the incubator charter: to allow the whole topic of non-traditional SSL handshakes to be considered. We really are defining https-ng, including its connectionless variants.

Related: At the IETF meeting in Maastricht (July 2010) there was a presentation at the SAAG meeting about a method to allow enterprise scanning of encrypted traffic by scanners along the network. <http://www.ietf.org/proceedings/78/slides/saag-2.pdf>

We are going to have to maintain the split, between what IETF is good at and what W3C can add - when bringing onto the internet the foaf:agent that makes logical statements (now authenticated-statements) in purely information-object based layer-7 protocols.

In one sense, the secure semantic web reduces the internet to a bit pipe. All the internet has to do is enable SSL handshakes to occur, which logical theorems then compose to define signaling protocols with properties X Y and Z. In another sense, the internet can get us to 80% assurance of such a handshake-signalling infrastructure quickly, allowing the web then to add n 20% additional assurance for each sub-community that cares enough to get its act together and compose those handshakes for theorems P, Q and R.

The trick is to retain the divide between web and internet, so the domineering goal of a single uniform security architecture for the internet doesn't interfere with the delivery of the many 20% value adds that the web can bring. If I think of the internet as delivering 80% of the low assurance by default, I think of the web as adding for 20% more effort medium assurance(s). If the web wants to subclass the internet and override its assurance with something better defined for a particular group, it can.

Received on Saturday, 12 February 2011 18:46:04 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:41 UTC