On Thu, Feb 23, 2006 at 06:18:23PM -0500, Stephen Kent wrote:
> >None of these are solved by SSL; SSL has corresponding solutions for the
> >first three, but in no case does it protect the transport connection.
>
> You are right that SSL/TLS does not protect the transport layer, but
> that was not what you asked me to address via that list.

It's session protection, but it's meant to seem like transport protection.

> >I.e., what is the motivation for BTNS that does not include - if not
> >focus - on transport protection?
>
> Channel binding functionality does not explicitly demand transport
> layer protection.

Channel binding demands channels to bind to. Such channels must:

a) provide adequate (for the cb app) protection for data sent over it,
b) provide a way to cryptographically bind to it.

> My recollection from the BOF was that only some of the cited
> motivations for BTNS explicitly cite transport layer protection. When
> applications want to use lower layer security mechanisms to enable
> higher performance via off-loading crypto to a different processor,
> that can be achieved via SSL/TLS, for example.

Yes, that's my motivation.

> I think the crux of our possible disagreement is that you see every
> BTNS motivation as demanding protection for the transport layer
> protocol, while I see only one of cited motivations as emphasizing
> this requirement.

We must be converging -- your disagreements with either Joe or myself
are more and more matters of degree :)

Nico
--
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.