There has been significant conversation around whether requiring both
TLS and ICE for a minimally functional RELOAD implementation is too
big of a hurdle during development. Most developers first implement
something without these two components regardless, but they need
to solve nodes exchanging identifiers (without TLS) on their own, and
their protocols are not interoperable for testing purposes. The
RELOAD authors would like to propose adding the following text, or
something similar, to introduce a TCP test mode option:

   TCP Test Mode is a transport based on TCP but with no security
   layer. It SHOULD NOT be used in any production environment as it
   has many security vulnerabilities. It is meant only as a simple test
   mode to facilitate testing and interoperability before moving to
   full TLS. When a new TCP session of this type is formed, both ends
   of the connection MUST write their binary Node-ID to the wire
   before sending any other messages over the session. This allows
   both sides to discover the Node-ID of the other side and use this
   in a similar way to the Node-ID discovered when using TLS or DTLS
   from the certificate in the TLS handshake. This mode MUST NOT be
   used unless the configuration for the overlay instance
   specifically allows it.

Bruce
_______________________________________________
P2PSIP mailing list
[EMAIL PROTECTED]
https://www.ietf.org/mailman/listinfo/p2psip