Hannes,

Hannes Tschofenig <[email protected]> writes:

> Hi all,
>
> based on the recent email discussion about the DTLS proxy I thought it might
> be useful that there was some thinking about how to run TLS/DTLS at the
> application layer.

I don't understand this statement. The whole point of TLS/DTLS is that it runs at the Application Layer (as opposed to at the network layer, like IPsec). Indeed, the fact that it could run at the application layer (e.g. in a web browser / web server) is exactly why SSL/TLS was created in the first place. It meant you didn't require waiting for the kernel/OS to add network security.

> There are essentially two drafts that have been submitted at the same time for
> IETF#100, namely
>
> https://tools.ietf.org/html/draft-tschofenig-layered-tls-00
>
> https://tools.ietf.org/html/draft-friel-tls-over-http-00

So you are moving the application layer up even higher than the historic view of an application layer? Perhaps we need a better naming scheme here.

> Both teams have worked on prototypes and getting it to work was remarkably
> simple.

-derek

--
Derek Atkins 617-623-3745
[email protected] www.ihtfp.com
Computer and Internet Security Consultant
