[EMAIL PROTECTED] writes:
> From: Richard Levitte
>
> >Uhmmm, yes. Note that I said "wide-spread fashion". The reason I
> >said that is that I never trust a draft to stay current. I trust
> >an RFC a lot more.
>
> This is an interesting one !! SSL isn't RFC (it only ever made it to
> draft) TLS only became an RFC in Jan '99.
> HTTPS isn't RFC (draft-ietf-tls-https-04.txt) (and isn't likely to be
> standards track, because it is broken in a multihomed environment) etc...
> etc...
One of the primary objections to SSL was precisely that it never
was published in an open fixed form. However, the de facto standard
is Netscape's implementation and that's quite stable.
You'll note that TLS implementation still lags, even though it's
been at Proposed for quite some time.
HTTPS has been approved as an Informational RFC.
HTTP Upgrade (draft-ietf-tls-http-upgrade-05.txt) has been
approved as a Proposed Standard. Both documents are waiting
to pop out of the RFC Editor Queue.
They should be taken to be relatively stable, since only editorial
changes are supposed to occur at this point.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
