On Friday 03 March 2006 21:10, Justin Karneges wrote:
> Hmm, there shouldn't be a need to introduce server names into TLS, which is
> technically supposed to exist independently of TCP/IP.
>
> IMO, a better way would be to use RFC 2817, which allows upgrading a
> plaintext HTTP connection to TLS dynamically. It works essentially the
> same way as XMPP's "starttls". Sadly, no one actually uses this great
> spec.
I'm sure that some services still have a name outside of TCP/IP. Besides, it's only an extension, which does make a bit of sense, since you would just choose not to use that extension in the case where you're not going over TCP/IP (analogous to an XMPP server choosing not to allow external auth if the connection is not going over TLS).

Funnily enough, if we'd had naming in TLS from the start, there probably wouldn't even *be* STARTTLS, since everyone would be using the better method. :-)

RFC 2817 is still neat though. Funny how web browsers, despite being the most used Internet app around, or so they say, are so slow to follow standards. We should have SRV for web browsers too, but hardly anyone implemented that either.

TX

--
Email: [EMAIL PROTECTED]
Jabber ID: [EMAIL PROTECTED]
Web site: http://trypticon.org/
GPG Fingerprint: 9EEB 97D7 8F7B 7977 F39F A62C B8C7 BC8B 037E EA73
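The RFC 2817 upgrade exchange the thread refers to, as an added client-side example that is not part of either message above: it builds the "Upgrade: TLS/1.0" request and decides from the server's answer whether the TLS handshake may start. The host name and the responses used for testing are constructed; the only decision that matters for security is that TLS is started only after a genuine 101 that names TLS, never on a bare 200.

```python
# Added example, not from the thread: client side of RFC 2817 "Upgrade: TLS/1.0".
# Host name and sample responses are constructed for illustration.

def build_upgrade_request(host: str) -> bytes:
    """OPTIONS * request asking to switch this plaintext connection to TLS (RFC 2817 3.1).
    The server name travels in the plaintext Host header; the TLS layer started
    afterwards never sees it, which is the contrast with SNI discussed above."""
    return (
        "OPTIONS * HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Upgrade: TLS/1.0\r\n"
        "Connection: Upgrade\r\n"
        "\r\n"
    ).encode("ascii")


def _split_response(raw: bytes):
    """Return (status code, headers with lower-cased names, bytes after the blank line)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP response head")
    lines = head.decode("ascii", errors="replace").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, rest


def _tokens(value: str):
    return [t.strip().lower() for t in value.split(",") if t.strip()]


def classify_upgrade_response(raw: bytes):
    """Decide what the client may do next. Returns (verdict, leftover):
    "tls"          101 naming TLS: start the handshake; `leftover` is any already
                   received data that belongs to TLS, not to HTTP.
    "tls-required" 426 Upgrade Required: server insists on TLS before answering.
    "refused"      anything else: the connection stays plaintext."""
    status, headers, rest = _split_response(raw)
    if status == 101:
        tls_named = any(t.startswith("tls/") for t in _tokens(headers.get("upgrade", "")))
        if not tls_named or "upgrade" not in _tokens(headers.get("connection", "")):
            raise ValueError("101 that does not switch to TLS; do not start TLS")
        return "tls", rest
    if status == 426:
        return "tls-required", rest
    return "refused", rest
```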