I too am confused about this poll, since it seemed clear in Prague that we had consensus to provisionally move forward with both.
With that said, I prefer (a) draft-rescorla-tcpinc-tls-option-03, for the reasons I laid out previously: I believe it's a simple and direct application of TLS to this use case and that's better than having an entirely distinct protocol. It's also valuable to have a design which is a good fit for out-of-band negotiation of application-layer TLS. However, as I said in the meeting, I can live with the proposal to provisionally adopt both drafts and decide in November.

-Ekr

On Fri, Jul 31, 2015 at 8:11 AM, Martin Thomson <[email protected]> wrote:

> I think that Cullen said everything I intended to. See also Mark Twain
> when it comes to eggs and baskets.
>
> And then there is the part where I express confusion about this poll. The
> working group seemed to have consensus on something else.
>
> On Jul 31, 2015 2:58 AM, "Cullen Jennings" <[email protected]> wrote:
>
>> I prefer for the WG to select draft a)
>> draft-rescorla-tcpinc-tls-option-03 as the starting point.
>>
>> The track record of security bugs in developing a new security protocol
>> results in me having a strong preference for using something where lots of
>> people have spent a lot of time looking at the algorithms. I think using
>> TLS as a starting point will result in fewer problems than something new.
>>
>> It's been a long time since I wrote kernel code but I did the original
>> code for the wireless networking in the Linux kernel. I don't buy the
>> argument that one cannot write TLS in the kernel. Many embedded systems
>> (such as Cisco phones) already do TLS in the kernel. Some of the ways that
>> people do SSL based VPNs (like AnyConnect) also end up with TLS in the
>> kernel.
_______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
