On 01/20/2014 03:11 PM, Stephen Kent wrote:
>> For example, when the tcpcrypt folks turned up at the IETF a
>> couple of years ago I was against it really. That was mostly
>> because I figured we already had TLS so why would we want
>> another thing that's so similar but partly because they were
>> selling it as "better" than TLS. I've now concluded that I
>> was wrong about that and am encouraging them as I can.
> I wish you wouldn't encourage them. I can easily see confusion
> and non-interoperability arising because of the need to choose
> between TLS and tcpcrypt.

I think it's fair to say that the question of when tcpcrypt
might be a better tool to use than TLS is an open one, and one
where it'd be good to have some deployment experience before
making recommendations.

Speculating, I'd expect that if tcpcrypt were implemented in
some kernels then it'd be useful in places where you can't
feasibly use TLS. But that's me speculating and I'm sure the
proponents of tcpcrypt can give you a better answer.

S.

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
