Discussion at Minneapolis concluded with a hum that TLS will remain the only option. No changes will be made to the draft at this time.
Bruce

On Tue, Nov 4, 2008 at 3:33 PM, Bruce Lowekamp <[EMAIL PROTECTED]> wrote:
> There has been significant conversation around whether requiring both
> TLS and ICE for a minimally functional reload implementation is too
> big of a hurdle during development. Most developers first implement
> something without these two components first regardless, but they need
> to solve nodes exchanging identifiers (without TLS) on their own and
> their protocols are not interoperable for testing purposes. The
> reload authors would like to propose adding the following text, or
> something similar, to introduce a tcp test mode option:
>
>    TCP Test Mode is a transport based on TCP but no security
>    layer. It SHOULD NOT be used in any production environment as it
>    has many security vulnerabilities. It is meant only as a simple test
>    mode to facilitate testing and interoperability before moving to
>    full TLS. When a new TCP session of this type is formed, both ends
>    of the connection MUST write their binary Node-ID to the wire
>    before sending any other messages over the session. This allows
>    both sides to discover the Node-ID of the other side and use this
>    in a similar way to the Node-ID discovered when using TLS or DTLS
>    from the certificate in the TLS handshake. This mode MUST not be
>    used unless the configuration for the overlay instance
>    specifically allows it.
>
> Bruce
> _______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
