On 7/29/2014 8:36 AM, Eric Rescorla wrote:
> On Tue, Jul 29, 2014 at 8:33 AM, Joe Touch <[email protected]> wrote:
>
>> On 7/29/2014 8:26 AM, Bodo Moeller wrote:
>>
>>> Eric Rescorla <[email protected]>:
>>>
>>>> Can you say more about why TLS is hard to deploy? I'm particularly interested in issues which aren't addressed by my draft.
>>>
>>> I believe that Christian and Craig's discussion is about non-TCPINC usage of TLS -- Christian essentially seemed to be implying that enabling TLS via TCPINC is pointless because TLS is easy to deploy anyway.
>>
>> That would be my view as well; TLS should never be involved with or triggered by TCP.
>
> Can you say more about why?

It's a payload mechanism. IMO, involving TLS with TCP is layer crossing, and I don't see any good reason for it.

I don't doubt the utility of a TCP BTNS-like mechanism binding to a TLS identity, but TLS shouldn't be the one initiating that.

Joe
