On Mon, Aug 3, 2015 at 12:54 PM, Martin Stiemerling <[email protected]> wrote:
> Hi, > > Am 03.08.15 um 18:51 schrieb Martin Thomson: > >> In the interest of factual accuracy, and because I didn't have a >> chance to refute these arguments previously... >> >> On 3 August 2015 at 08:15, Mirja Kühlewind >> <[email protected]> wrote: >> >>> a) TCP-use-TLS >>> Contra: >>> - dependency on TLS and update cycles of other working group >>> >> >> Also a Pro. We know that TLS is going to get continued maintenance. >> >> - can’t not be implemented in the kernel: >>> >> >> Not entirely true. I believe that Microsoft does this. Netflix have >> done a partial kernel port. Of course, I appreciate that it might be >> considered more difficult as a result of living in the kernel, and >> that the existing TLS code for operating systems like Linux is likely >> a poor fit. >> > > Believe is not a proof. Any evidence for this? > For the claim that MSFT has kernel-mode TLS? Here's what Christian said yesterday: "That argument rings a bit hollow for a Windows kernel developer, since we have in fact access to S-Channel in the Windows kernel. Windows web servers rely on the HTTP.SYS kernel driver, which implements TLS using the kernel API for S-Channel. HTTP.SYS has been doing that for a long time, so there is indeed some experience with that solution. " -Ekr > Martin > > > _______________________________________________ > Tcpinc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tcpinc >
_______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
