I prefer for the WG to select draft a) draft-rescorla-tcpinc-tls-option-03 as the starting point.
The track record of security bugs in developing a new security protocol results in me having a strong preference for using something where lots of people have spent a lot of time looking at the algorithms. I think using TLS as a starting point will result in fewer problems than something new. It's been a long time since I wrote kernel code, but I did the original code for the wireless networking in the Linux kernel. I don't buy the argument that one cannot write TLS in the kernel. Many embedded systems (such as Cisco phones) already do TLS in the kernel. Some of the ways that people do SSL-based VPNs (like AnyConnect) also end up with TLS in the kernel.
