[240] in WWW Security List Archive
Re: info on proposed SSL protocol and Netscape implementation
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Sun Nov 27 18:30:20 1994
To: www-security@ns1.rutgers.edu
Date: Sun, 27 Nov 1994 16:19:22 EST
From: Marc Horowitz <marc@mit.edu>
Reply-To: Marc Horowitz <marc@mit.edu>
>> These divide into three groups operating at different layers of abstraction
>>
>> 1) Application PGP/PEM/S-HTTP/SHEN
>> 2) Negotiation S-HTTP/SHEN/Kerberos
>> 3) Transport SSL/IP-NG/X-509

There is already an IETF draft standard which handles (3), is designed
to allow (2), although there isn't a spec yet, and there are already
application layers out there for a few common protocols (FTP is the
only one publicly available right now, as far as I know). If you're
doing an internet security protocol and you're not considering GSSAPI,
I'm curious why. If you don't know what it is, take a look at RFCs
1508 and 1509. There's also an internet-draft spec for a krb5
mechanism, for which an implementation is freely available as a part
of the MIT Kerberos 5 release.

I speculate that any protocol at these layers (above IP) which ignores
GSSAPI is likely to be looked upon poorly by the IETF.

Marc