Martin Thomson wrote this message on Mon, Aug 03, 2015 at 09:51 -0700:
> In the interest of factual accuracy, and because I didn't have a
> chance to refute these arguments previously...
>
> On 3 August 2015 at 08:15, Mirja Kühlewind
> <[email protected]> wrote:
> > a) TCP-use-TLS
> > Contra:
> > - dependency on TLS and update cycles of other working group
>
> Also a Pro. We know that TLS is going to get continued maintenance.
>
> > - can't not be implemented in the kernel:
>
> Not entirely true. I believe that Microsoft does this. Netflix have

This is good evidence:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa364671(v=vs.85).aspx

> done a partial kernel port. Of course, I appreciate that it might be
> considered more difficult as a result of living in the kernel, and
> that the existing TLS code for operating systems like Linux is likely
> a poor fit.

I'm helping out w/ the Netflix in kernel TLS code, and right now the code
only does encryption (no decryption), and for normal write traffic frames
are constructed in userland, only for sendfile is the frame constructed
in the kernel... It requires all key negotiation to be done in userland,
so isn't even close to a TLS-use-TCP implementation...

-- 
John-Mark Gurney    Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."
