IPP> on the use of SSL3 framing and SASL

IPP> on the use of SSL3 framing and SASL

IPP> on the use of SSL3 framing and SASL

Randy Turner rturner at sharplabs.com
Fri Nov 20 17:01:24 EST 1998


I don't think so.....Keith Moore was petitioning for someone to take up
this effort and champion at one of the plenary conferences earlier this
year.

At the moment, there is a draft that allows in-band signaling for TLS using
the HTTP Upgrade:  header.
Basically, you connect without security then "Upgrade:" your way to
whatever you want.

Either method (SASL or the Upgrade: header) would probably work, I'm still
studying Rohit's "Upgrade:" draft...

Randy





Carl Kugler wrote:

> > Chances are that IESG won't allow a standards track RFC to incorporate
> > the SSL3 protocol.  It will have to reference the TLS protocol.
> > Fortuantely, the TLS spec is essentally finished - the TLS WG has
> > finished its internal Last Call and would appear to be ready to send
> > the spec back to IESG.  So I don't expect that referencing the TLS
> > spec would delay adoption of IPP as a standard.
> >
> > Also, while it's technically feasible to always use TLS framing with
> > IPP, it seems like it would be far better to define a SASL negotiation
> > framework for HTTP, which could then negotiate TLS.  SASL is already a
> > Proposed Standard RFC, and is being retro-fitted into a number of
> > existing apps protocols.
> >
>
> Has a SASL negotiation framework for HTTP been defined yet?
>
>     -Carl
>
> > Keith
> >
> >
>
> -----
> See the original message at http://www.egroups.com/list/ipp/?start=2406




More information about the Ipp mailing list