Hi Derek There might indeed be room for improvement on the terminology front. I was using the "application layer TLS terminology" because it was used in discussions in the TLS working group and at the TLS WG session @ IETF#100.
I suspect that the use cases in various documents, which differ slightly, might give a better idea what we try to accomplish. Ciao Hannes -----Original Message----- From: Derek Atkins [mailto:[email protected]] Sent: 21 November 2017 18:34 To: Hannes Tschofenig Cc: [email protected] Subject: Re: [Ace] Application Layer TLS Hannes, Hannes Tschofenig <[email protected]> writes: > Hi all, > > based on the recent email discussion about the DTLS proxy I thought it > might be useful that there was some thinking about how to run TLS/DTLS > at the application layer. I don't understand this statement. The whole point of TLS/DTLS is that it runs at the Application Layer (as opposed to at the network layer, like IPsec). Indeed, the fact that it could run at the application layer (e.g. in a web brower / web server) is exactly why SSL/TLS was created in the first place. It meant you didn't require waiting for the kernel/OS to add network security. > There are essentially two drafts that have been submitted at the same > time for IETF#100, namely > > https://tools.ietf.org/html/draft-tschofenig-layered-tls-00 > > https://tools.ietf.org/html/draft-friel-tls-over-http-00 So you are moving the application layer up even higher than the historic view of an application layer? Perhaps we need a better naming scheme here. > Both teams have worked on prototypes and getting it to work was > remarkably simple. -derek -- Derek Atkins 617-623-3745 [email protected] www.ihtfp.com Computer and Internet Security Consultant IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
