On Sun, Aug 2, 2015 at 1:30 PM, Christian Huitema <[email protected]> wrote:
> On Sunday, August 2, 2015 12:52 PM, John-Mark Gurney wrote:
>>
>> ...
>> It sounds like you view TLS-use-TCP as doing full certificate parsing
>> and validation in the kernel, is this correct?
>
> There are multiple ways to implement a shim between application and TCP. If I 
> implemented this in the Windows kernel, I would use the existing kernel API. 
> But I can see many other ways.
>
> Your specific question on certificates is a matter of profiles. EKR proposed 
> "ECDH anon with P256 and Curve25519." This is "anonymous Diffie-Hellman with 
> elliptic curves." It does not involve any certificate at all.

Your email talked about authentication. Was that going to interact
with the shim, or just signal to the app that it should do TLS? If the
second, what is the gain from using TLS over TCP instead of opting out
of tcpcrypt if the app will do TCP?

>
> -- Christian Huitema
>
>
>
> _______________________________________________
> Tcpinc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tcpinc



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.
