Re: [lemonade] QUICKSTART update
On Wed, 16 May 2007, Chris Newman wrote:
>
> It's my opinion that the way profile B interacts with the TLS layer is
> problematic for implementations. [...]
>
> The problem is that activating the TLS layer is a software state change
> that takes over both socket directions. So it really shouldn't happen
> until the only subsequent protocol will be TLS packets. Having secure
> and non-secure packets in-transit at the same time is not a good idea
> from a state management point of view.
Thanks for looking into this, and especially for having a go at
implementing it. I have to agree even though it makes me sad that this
means it probably isn't possible to safely eliminate the last RTT. In the
next revision I'll replace pipelined STARTTLS with QTLS, and make sure
that the cleartext/TLS boundary is simple.
Tony.
--
f.a.n.finch <dot at dotat.at> http://dotat.at/
VIKING NORTH UTSIRE SOUTH UTSIRE: NORTHERLY BACKING SOUTHERLY 4, INCREASING 5
TO 7, PERHAPS GALE 8 LATER. SLIGHT, BECOMING MODERATE OR ROUGH. RAIN LATER.
MODERATE OR GOOD.
_______________________________________________
lemonade mailing list
lemonade at ietf.org
https://www1.ietf.org/mailman/listinfo/lemonade
Supplemental Web Site:
http://www.standardstrack.com/ietf/lemonade
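
The state-management concern discussed in this message, as an added example (not code from the thread or from the QUICKSTART draft): a line-based server session that hands the socket to TLS only when no cleartext bytes remain buffered behind STARTTLS. The `Session` class, `negotiate` helper, reply strings and sample inputs are hypothetical and constructed for illustration.

```python
class BoundaryError(Exception):
    """Cleartext bytes were still in flight after the STARTTLS command."""


class Session:
    """Hypothetical line-based server session (constructed for illustration)."""

    def __init__(self):
        self.buf = b""           # cleartext bytes received but not yet parsed
        self.tls_active = False  # True once the socket belongs to the TLS layer
        self.replies = []

    def feed(self, data: bytes) -> None:
        """Process one read() worth of cleartext bytes."""
        if self.tls_active:
            # Both socket directions now belong to TLS; never parse these here.
            raise RuntimeError("cleartext parser called after TLS switch")
        self.buf += data
        while b"\r\n" in self.buf and not self.tls_active:
            line, self.buf = self.buf.split(b"\r\n", 1)
            self._command(line.decode("ascii", "replace").strip().upper())

    def _command(self, cmd: str) -> None:
        if cmd != "STARTTLS":
            self.replies.append("250 ok")
            return
        if self.buf:
            # Bytes pipelined behind STARTTLS: either cleartext commands that
            # would later be treated as protected, or an early TLS record.
            # Discard them and refuse rather than guess which.
            self.buf = b""
            raise BoundaryError("data pipelined after STARTTLS")
        self.replies.append("220 ready to start TLS")
        self.tls_active = True   # from here on the only traffic is TLS


def negotiate(chunks):
    """Feed constructed read chunks; return 'tls', 'cleartext' or 'rejected'."""
    s = Session()
    try:
        for chunk in chunks:
            s.feed(chunk)
    except BoundaryError:
        return "rejected"
    return "tls" if s.tls_active else "cleartext"
```
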