On Mon, 5 Mar 2001, Dave Paris wrote:
> Apache has been (arguably) one of the best OS projects to date. It
> pains me to see the obvious, and most successful current SSL
> implementation not be chosen for the 2.0 revision. I definitely don't
> recall seeing a user-community vote on the topic of SSL/TLS choice for
> the 2.0 revision. I'm sure there are many folks who would have
> appreciated the opportunity to have voiced their opinion. Heck, even
> large companies like Computer Associates take polls of that nature.
Just to throw in an objective perspective in fairness to all (regardless
of my personal preference for mod_ssl):
There is actually a rather big technical problem with just dumping
*either* mod_ssl or Apache-SSL into Apache 2.0. That is that the I/O
mechanics of Apache 2.0 are *completely* different than those of 1.3.
SSL/TLS in 2.0 can and should be implemented using the new I/O filtering
and bucket-brigades data management system of 2.0, which is a fairly
drastic change from any code out there for SSL/TLS in 1.3.
So, while politics does play a factor (necessarily just by human nature),
it's not that the group just said "We choose not to use mod_ssl for 2.0"
for purely political reasons. Rather, they said "We need to get a really
basic SSL/TLS implementation set up that uses filtering and bucket
brigades, because there does not currently exist such a beast. Then we
can pull in all the neat goodies from mod_ssl and Apache-SSL from there."
Hence mod_tls was born. It's currently in stage 1 -- getting it working
as a filter. Next is stage 2... pulling in the goodies.
Don't get disappointed or up-in-arms just yet. =-)
--Cliff Woolley
Apache 2.0/APR contributor
--------------------------------------------------------------
Cliff Woolley
[EMAIL PROTECTED]
Charlottesville, VA
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]