Jeffrey Altman wrote:
>> In summary, please use the draft - if you think it's wrong - help
improve
>> it.
>> Current thinking is to publish as informational, if anyone wants to put
it
>> on standards track - speak up now.
>Paul, this document should be standards track. The IESG has repeated
>inferred that the preferred method for providing privacy for
>applications prior to the wide spread implementation of IPSec is to
>use TLS; and not to use SSH tunnels. Without this document going on
>the standards track you will not see significant commercial
>implementations.
The current approach is to publish as Informational because it is a
description of how things work as opposed to a definition of how things
should be.
The alternative is to go down the https route of creating two drafts - one
(Informational) describing some of the hokey stuff that goes on at the
moment (port defined and AUTH SSL) and the other defining the way it
_should_ be done (AUTH TLS). None of the authors currently has the time to
do that separation and push AUTH TLS onto Standards Track - so we intend to
publish the whole thing as Informational and then see if there is any
desire (hopefully in the IETF TLS wg where it belongs) to put the AUTH TLS
stuff onto a more stable footing.
To be honest, I have been quite disappointed by the TLS w/g's lack of
interest in supporting protocols (other than http, of course) that actually
use their tunnel.
Cheers,
Paul
--
Paul Ford-Hutchinson : EMEA eCommerce application security :
[EMAIL PROTECTED]
OSU-1, IBM , PO Box 31, Birmingham Rd, Warwick, CV34 5YR +44 (0)1926 462005
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
