[530] in WWW Security List Archive
Re: SSL etc
daemon@ATHENA.MIT.EDU (Kipp E.B. Hickman)
Tue Mar 21 18:54:55 1995
To: www-security@ns1.rutgers.edu
From: "Kipp E.B. Hickman" <kipp@netscape.com>
Date: 21 Mar 1995 19:12:43 GMT
Errors-To: owner-www-security@ns2.rutgers.edu
> Excerpts from mail: 17-Mar-95 Re: SSL etc by smb@research.att.com
> > One important point about SSL is that it is not purely limited
> > to WWW. I will be implementing SSL for SMTP conversations some
> > time in the next couple of months. I am actually trying to
> > find out what port people would wish that I used.
>
> > This is also a disadvantage, in that the same functionality is being
> > standardized at a different layer, to wit the IP security stuff.
>
> I would think that this is actually an advantage. Once this
> Internet standard IP level security stuff comes along, none of the
> protocols above the SSL security layer need to change. The SSL layer
> just drops out, and everything remains the same above the SSL layer. In
> this way NO new protocols other than SSL need to be introduced while
> we're waiting for IP security, and all of the existing protocols
> continue to be relevant after that point.
This was one of the primary design points for SSL: once the lower layers
support security, SSL can get out of the way. SSL in essense was designed as a
temporary measure to help usher in the secure network age that is coming.
Sort of an electronic John the Baptist...
---------------------------------------------------------------------
Kipp E.B. Hickman Netscape Communications Corp.
kipp@netscape.com http://home.mcom.com/people/kipp/index.html
