
Re: draft-hoffman-rfc2487bis-03.txt




Lutz Jaenicke wrote:
> From my understanding of RFC 2487 (and the latest draft) this behaviour
> is conformant with respect to the standard.

You are violating at least the intent of section 4.  You are doing the
clients a grave disservice by advertising a capability when the obvious
necessary preconfiguration for that capability (such as installing a
cert) has not been done.

Since TLS certs are not common, such an implementation strategy is most
likely to lead to a server population advertising STARTTLS but unable to
negotiate TLS far outnumbering the server population capable of
negotiating TLS.  In such a situation, the STARTTLS keyword would have
negligible informational value; it would be worthless.
