Joe Touch <[email protected]>:
> However, TCP options are for changing the behavior of TCP - not of the next layer. TLS doesn't change TCP at all.

Well, that's if you think of TLS as (a sublayer of) an application protocol. You could think of it as a sublayer of the transport protocol instead. STARTTLS and the like aside, TLS basically doesn't change the application protocol either. (In other words, maybe TLS is called "Transport Layer Security" for a reason :-) )

> Besides, TLS already works just fine without it.

It does, if the application explicitly supports that. TCPINC, however, is about providing protection against pervasive surveillance, with opportunistic encryption without any changes to application protocol specifications and implementations; so using TCPINC to negotiate use of TCP certainly would add value.

That said, I now think that TCPINC should offer support to protect some information from the TCP header, probably as an opt-in feature (with rudimentary protection enabled by default). Simply enabling TLS for the data stream clearly doesn't achieve that.

Bodo
_______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
