On Tue, Jul 29, 2014 at 8:41 AM, Joe Touch <[email protected]> wrote:

> On 7/29/2014 8:36 AM, Eric Rescorla wrote:
>
>> On Tue, Jul 29, 2014 at 8:33 AM, Joe Touch <[email protected]> wrote:
>>
>>> On 7/29/2014 8:26 AM, Bodo Moeller wrote:
>>>
>>>> Eric Rescorla <[email protected]>:
>>>>
>>>>> Can you say more about why TLS is hard to deploy? I'm particularly
>>>>> interested in issues which aren't addressed by my draft.
>>>>
>>>> I believe that Christian and Craig's discussion is about non-TCPINC
>>>> usage of TLS -- Christian essentially seemed to be implying that
>>>> enabling TLS via TCPINC is pointless because TLS is easy to deploy
>>>> anyway.
>>>
>>> That would be my view as well; TLS should never be involved with or
>>> triggered by TCP.
>>
>> Can you say more about why?
>
> It's a payload mechanism. IMO, involving TLS with TCP is layer crossing,
> and I don't see any good reason for it.
Hmm... I'm not sure I follow this. We already use the TCP port number to
indicate which protocol you are speaking. The problem is that it's not a
negotiation. What's wrong with having a protocol offer and selection
mechanism at the TCP layer (which is what my draft basically is)?

-Ekr

> I don't doubt the utility of a TCP BTNS-like mechanism binding to a TLS
> identity. But TLS shouldn't be the one initiating that.
>
> Joe
_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
