TLS doesn't have to be TCP/IP. From the RFC: "At the lowest level, layered on top of some reliable transport protocol (e.g., TCP[TCP]), is the TLS Record Protocol."

For example I could theoretically use TLS over Socket Direct Protocol over IB. What it needs is reliability and order underneath.

Also, the AMQP1 negotiation as currently in discussion asserts a demand for TLS very early on - in fact during the AMQP header exchange. So it's an option added to AMQP; the current draft header has a bit for it (talk to Rafi, long discussion).

This would lead to amqp+tls since the ordered connection is already open and we're asking the TLS + AMQP handshake to begin.

Just my logic, and just 1.0 draft. Objections I'd be interested in.

Cheers
John

2009/2/11 Carl Trieloff <[email protected]>

> Alan Conway wrote:
>
>> John O'Hara wrote:
>>
>>> Very well considered, and highly flexible. Compatible with where AMQP1.0 is
>>> heading (wrt TLS handling -- balance of opinion is that TLS will be on the
>>> same port, as it would be for Kerberos based encryption).
>>>
>>> Missed out a TLS example:
>>>
>>> amqp+tls://foo:b...@tcp:host1:1234/vhost?clientid=baz
>>>
>>
>> I think it's cleaner to put modifiers like TLS into the protocol
>> identifier rather than the URL scheme:
>>
>> amqp://foo:b...@tcp+tls: host:...
>>
>> That gives greater flexibility over protocols used in the host list and
>> avoids the problem of mis-matching modifiers and protocols, e.g. if we have
>> an infiniband protocol then what would amqp+tls://ib:inifinibandstuff/...
>> mean?
>>
>> What do you think?
>>
>
> tls is tcp,
>
> so tls/tcp/ib is enough... don't even need ib, as that is just the IP for
> the IB port, everything else is transparent.
>
> to that tls is just another tcp port for that matter
>
> Carl.
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:[email protected]
