> Chances are that IESG won't allow a standards track RFC to incorporate
> the SSL3 protocol. It will have to reference the TLS protocol.
> Fortuantely, the TLS spec is essentally finished - the TLS WG has
> finished its internal Last Call and would appear to be ready to send
> the spec back to IESG. So I don't expect that referencing the TLS
> spec would delay adoption of IPP as a standard.
>> Also, while it's technically feasible to always use TLS framing with
> IPP, it seems like it would be far better to define a SASL negotiation
> framework for HTTP, which could then negotiate TLS. SASL is already a
> Proposed Standard RFC, and is being retro-fitted into a number of
> existing apps protocols.
Has a SASL negotiation framework for HTTP been defined yet?
See the original message at http://www.egroups.com/list/ipp/?start=2406