Re: [TLS] TLS renegotiation issue


Nicolas Williams wrote:
> 
> > Nicolas Williams wrote:
> > > 
> > > I understand.  The spec will just have to be updated to say that the
> > > finished messages (or at least the client one) are to be exported to
> > > applications.
> 
> Eric's view seems to be that the TLS spec should say nothing about this.

I fully agree with Eric.

IMHO, this proposal should become an integral part of rfc5246bis.

For the channel bindings topic, in particular when it starts
discussing API issues, I personally would prefer that it
remain in a separate document.


> 
> > The TLS-specs describe only bits-on-the-wire, protocol semantics
> > and TLS session state management.  The TLS specs are entirely
> > silent on API issues.  (The IETF does not do APIs, and GSS-API
> > is an exception.)
> 
> Wrong.  The GSS-API is NOT the only exception.  There's also SCTP, and
> probably a number of others (heck, even IDNA has an abstract API).

Well, OK.

While I was actively participating in IETF meetings (1995-1998) it was
pointed out several times in IETF plenaries by IESG members that
the IETF does not do APIs and GSS-API was an exception.

I seem to have missed that this has changed.

-Martin
