
Re: info on proposed SSL protocol and Netscape implementation



>> These divide into three groups operating at different layers of abstraction
>> 
>> 1) Application	PGP/PEM/S-HTTP/SHEN
>> 2) Negotiation	S-HTTP/SHEN/Kerberos
>> 3) Transport		SSL/IP-NG/X-509

There is already an IETF draft standard which handles (3), is designed
to allow (2), although there isn't a spec yet, and there are already
application layers out there for a few common protocols (FTP is the
only one publicly available right now, as far as I know).  If you're
doing an internet security protocol and you're not considering GSSAPI,
I'm curious why.  If you don't know what it is, take a look at RFCs
1508 and 1509.  There's also an internet-draft spec for a krb5
mechanism, for which an implementation is freely available as a part
of the MIT Kerberos 5 release.

I speculate that any protocol at these layers (above IP) which ignores
GSSAPI is likely to be looked upon poorly by the IETF.

		Marc

